Senior Privacy Specialist

Alation is seeking a detail-oriented and experienced senior privacy professional who will play a pivotal role in ensuring the companys privacy strategy is robust, compliant, and aligned with industry best practices. This role will drive the implementation of ISO 27018, manage the existing ISO 27701 certification, and build and lead the development of the companys privacy program to ensure compliance with GDPR, CCPA, and CPRA. This role requires deep expertise in privacy regulations, SaaS environments, and cloud-based systems.

You will collaborate with cross-functional teams, including Legal, Security, IT, Product, Engineering, and Marketing, to assess, implement, and maintain privacy controls across our platforms and operations.

What Youll Do:

ISO 27018 Implementation:

• Lead the implementation of ISO 27018:2019 standard, ensuring that privacy controls are integrated within the Information Security Management System (ISMS).
• Collaborate with the relevant teams to identify, mitigate, and monitor privacy risks.
• Provide guidance to internal stakeholders to ensure adherence to privacy-related requirements under ISO 27018.

ISO 27701 Certification Management:

• Oversee the maintenance and continuous improvement of the companys ISO 27701 certification.
• Manage internal and external audits, ensuring compliance with ISO 27701s information security management practices.
• Develop and implement corrective actions based on audit findings and security assessments.

Privacy Program Development & Management:

• Build and mature the companys privacy program to ensure compliance with global privacy laws, including GDPR, CCPA, and CPRA.
• Lead and manage data privacy impact assessments (DPIAs) for new projects, products, and services.
• Advise the company on best practices related to data retention, user consent management, data breach notification, and privacy by design.

Global Privacy Compliance:

• Ensure compliance with GDPR, CCPA, and CPRA requirements, as well as other emerging privacy regulations across key markets.
• 
  Monitor regulatory developments and provide proactive recommendations for compliance adjustments.
• Design, develop, and implement company-wide privacy policies and procedures to ensure compliance across the business.

Cross-Functional Collaboration & Training:

• Work closely with legal, product, security, and engineering teams to integrate privacy and security controls into product development cycles.
• Lead privacy awareness and training programs for employees, ensuring alignment with evolving privacy laws and company policy.

Third-Party Risk Management:

• Conduct privacy assessments and manage third-party privacy and data protection risk, ensuring vendors comply with privacy standards and contractual obligations.
• Work with legal and procurement teams to draft privacy and data protection provisions in vendor contracts.

Incident Response & Breach Management:

• Lead the companys response to data breaches or privacy incidents, including notifications to regulators and affected individuals as necessary.
• Maintain breach documentation and assess root causes to mitigate future risks.

What You Need:

Education & Certifications:

• Bachelors or Masters degree in Law, Information Security, Privacy, or a related field.
• Relevant certifications such as CIPP/E, CIPM, ISO 27001 Lead Implementer, or similar privacy/security certifications are preferred.

Experience:

• 5-7 years of experience in privacy compliance, focusing on SaaS, cloud-based environments, and international privacy laws.

  Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
• Proven experience driving ISO 27018 implementation and managing ISO 27701 certification.
• In-depth knowledge of GDPR, CCPA, CPRA, and other global data protection laws.
• Strong understanding of privacy practices in a cloud-based, SaaS environment and experience implementing privacy programs for such platforms.
• Experience in managing third-party privacy risk and contract negotiations.
• Prior experience in incident response, including handling data breach notifications and regulatory reporting.
• Experience in working within a fast-moving startup environment, with the ability to right-size the privacy program according to business needs.
• Proven ability to drive initial buy-in and ongoing engagement from stakeholders who may have varying levels of familiarity with privacy requirements.
• Demonstrated flexibility in balancing an ideal privacy posture with practical implementation for a budget-conscious organization.
• Hands-on experience with OneTrust for cookie consent management is highly desirable.

Skills:

• Strong knowledge of privacy frameworks, risk management, and compliance processes.
• Excellent project management skills, with the ability to manage multiple priorities in a fast-paced environment.
• Strong communication and interpersonal skills, with the ability to influence and engage stakeholders at all levels.
• Ability to analyze complex privacy challenges and provide clear, actionable recommendations.

Preferred:

• Experience in a global, high-growth SaaS or tech company.
• Familiarity with cloud platforms (AWS, Azure, GCP) and their data security/privacy implications.
• Expertise in privacy technology solutions and tools for consent management, data mapping, and DPIA, like OneTrust.
• Experience in working with legal teams on data protection contracts and privacy terms.

#LI-JD1