
Privacy Program Manager
Posted Jun 19

This is a fully remote position, open to applicants in the United States.
• Lead the governance of PlayOn's privacy program, encompassing CCPA, COPPA, and relevant state privacy regulations.
• Collaborate with Legal and external privacy counsel to drive compliance remediation initiatives.
• Perform Privacy Impact Assessments (PIAs) for new products, features, and vendor partnerships, identifying genuine risks and facilitating resolutions rather than merely documenting issues.
• Manage Records of Processing Activities (ROPA) along with the organization-wide data inventory; ensure accuracy across all three product platforms.
• Supervise privacy processes, ensuring that all activities comply with program requirements and are completed within set service level agreements (SLA).
• Serve as the subject matter expert for the privacy program in the Data Privacy Council (DPC).
• Update and maintain external privacy policies, internal notices, and guidelines for employee data handling.
• Conduct privacy risk assessments for vendors during onboarding and as part of annual vendor evaluations.
• Aid the GRC program by collecting evidence for compliance reports and audits, such as SOC 2 Type II.
• Manage the response process for security questionnaires related to customer and prospect privacy inquiries.
• Monitor and report on privacy program metrics, outstanding risks, and remediation progress to the Chief Information Security Officer (CISO).
• 3–5 years of experience in a privacy program at a consumer-focused technology firm — a strong operational background rather than solely policy or legal advisory.
• Proven experience with CCPA compliance.
• Knowledge of COPPA and its practical implications for products aimed at minors or educational institutions.
• Experience in conducting PIAs and privacy risk assessments that lead to actionable outcomes, rather than just documentation.
• Familiarity with data mapping and ROPA methodologies; prior experience building or maintaining a data inventory is essential.
• Comfortable working within a governance and oversight structure — providing guidance and holding partner teams accountable instead of managing every operational process directly.
• Excellent written communication skills: crafting clear privacy notices, precise questionnaire responses, and avoiding marketing jargon.
• Ability to collaborate effectively across Legal, Data Governance, and Engineering teams, each with distinct incentives and terminologies.
• CIPP/US certification or ongoing pursuit of the certification.
• Familiarity with GRC platforms (such as Vanta, Hyperproof, Drata, or similar) — managing evidence workflows and control mappings.
• Knowledge of additional U.S. state privacy laws (including VCDPA, CPA, CTDPA, and others as applicable).
• Preferred operational experience with COPPA for products aimed at students or minors.
• Familiarity with PCI DSS standards is beneficial, as GoFan processes payment data across ticketing products.
• A variety of medical insurance plans available for selection.
• Dental, vision, life, and disability insurance coverage.
• Employee Emergency Fund support.
• Company equity in the form of stock options.
• Open Paid Time Off (PTO) policy.
• 401K plan with company matching contributions.
• A hybrid and flexible work environment.