
Manager, Privacy & Compliance
Posted 10 hours ago

This is a fully remote position, open to applicants in Canada.
• Oversee the daily operations and ongoing enhancement of atVenu’s privacy compliance program, which includes the upkeep of privacy policies and internal standards.
• Advocate for privacy requirements throughout new business initiatives from inception to execution, facilitating engagement with cross-functional stakeholders to ensure early identification and integration of privacy considerations.
• Execute and supervise Data Protection Impact Assessments (DPIAs) for new products, features, integrations, and third-party service providers.
• Act as the company's subject matter expert on GDPR, CCPA/CPRA, PIPEDA, and emerging privacy regulations, offering practical, risk-based advice to both business and technical teams.
• Collaborate with the Legal team to review and negotiate data processing agreements (DPAs), vendor contracts, and other agreements that involve privacy concerns.
• Oversee and maintain atVenu’s OneTrust Cookie Consent implementation, ensuring it remains aligned with current data flows and regulatory requirements.
• Examine customer agreements and data-related contractual obligations to ascertain permitted and restricted uses of customer data, collaborating with Legal and Operations to ensure these obligations are understood and operationalized throughout the organization.
• Monitor ongoing data practices to ensure that customer data is utilized in a manner consistent with contractual commitments, identifying and addressing gaps as they arise.
• Partner with Engineering and Product teams to integrate privacy-by-design principles into the development lifecycle.
• Manage and address data subject access requests (DSARs) and privacy inquiries promptly and in compliance with regulations.
• Lead the privacy workstream during incidents, which includes conducting privacy impact assessments, managing regulatory notifications, and coordinating communication with affected individuals when necessary.
• Evaluate the privacy implications of AI and machine learning systems at all stages, from assessing third-party tools prior to adoption to reviewing internally developed models from design through deployment, ensuring data usage is lawful, transparent, and aligned with regulatory and contractual expectations.
• Keep abreast of the evolving regulatory landscape and evaluate the impact of new or amended privacy laws on atVenu’s operations.
• Foster a lasting culture of privacy awareness by designing and delivering training, creating practical guidance, and serving as a trusted resource for teams navigating privacy-related queries in their work.
• A minimum of 8 years of practical privacy compliance experience, preferably in a B2B SaaS, fintech, or payments setting.
• Extensive, hands-on knowledge of GDPR, CCPA/CPRA, and PIPEDA, particularly regarding their application to transaction data and third-party data sharing.
• Demonstrated experience in conducting DPIAs and translating their outcomes into actionable risk mitigations.
• Proficiency in reviewing and negotiating data processing agreements and vendor contracts that involve privacy implications to ensure compliance with standards.
• Strong project management capabilities, with a proven ability to take ownership of a program, prioritize tasks, and drive initiatives to completion with minimal supervision.
• Experience in assessing privacy and compliance risks associated with AI and machine learning systems, including evaluating third-party AI tools and contributing to internal governance frameworks.
• Knowledge of information security principles and the intersection of privacy and security controls (e.g., access management, data minimization, retention, incident response).
• Experience in reviewing commercial contracts or data agreements with a focus on data use restrictions and obligations, and the ability to translate those requirements into practical operational guidance.
• Excellent communication skills, with the ability to simplify complex regulatory requirements into clear, actionable guidance for both technical and non-technical stakeholders.
• Ability to thrive in a lean, fast-paced organization where processes are still evolving and ambiguity is a regular part of the job.
• A pragmatic and collaborative approach that balances rigor with business realities, coupled with the ability to drive results through influence rather than direct authority.
• Comprehensive health and wellness benefits.
• Opportunities for professional development and career advancement.
• Flexible working arrangements to support work-life balance.
• A dynamic and inclusive company culture.