Senior GRC Analyst, Privacy

Posted Yesterday
Be an Early Applicant
2 Locations
Hybrid
Senior level
Software
The Role
Lead design and operationalization of a multi-jurisdictional privacy program (GDPR, CPRA, PIPEDA, CASL, etc.). Maintain ROPAs, DSAR workflows, DPIAs, and subprocessor governance. Advise Legal, Security, Product, and Engineering on privacy by design, support DPO operations, review DPAs and data transfer mechanisms, maintain GRC tooling (OneTrust/Hyperproof), deliver executive reporting, and design privacy training and awareness programs.
Summary Generated by Built In
Meet Benevity

Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!

Benevity is seeking a Sr. GRC Analyst, Privacy to anchor and advance our data protection program across a complex, multi-jurisdictional regulatory landscape. In this role, you will own the design, operationalization, and continuous maturity of Benevity’s privacy compliance program, spanning GDPR, UK-GDPR, CPRA, PIPEDA, CASL, and emerging global frameworks. You will build the foundational infrastructure that keeps Benevity accountable to its regulatory obligations: Records of Processing Activities, Data Subject Access Request workflows, Data Protection Impact Assessments, and subprocessor governance, ensuring the program is not only defensible to regulators but scalable as Benevity grows.

As a trusted privacy advisor embedded across cross-functional teams, you will work closely with Legal, Security, Engineering, Product, and Data Governance to embed Privacy by Design into the business. You will support the DPO operational function, partner on Data Processing Agreement reviews, and translate complex privacy requirements into practical, business-aligned controls. Your work will directly protect Benevity’s clients, employees, and the communities they serve, and ensure that trust remains a core competitive advantage.

What you’ll do:

Privacy Program & Governance

  • Own and maintain Benevity’s Records of Processing Activities (ROPA) under both controller and processor regimes, ensuring compliance with GDPR Article 30 and equivalent requirements across applicable jurisdictions.

  • Develop and maintain privacy policies, notices, standards, and control frameworks aligned with GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, CASL, and emerging global laws (AU Privacy Act, India DPDP, Swiss FADP, and others).

  • Support privacy policy approval, exception management, and attestation processes, actively seeking opportunities for process improvement and automation.

Data Subject Rights & DSAR

  • Build and manage DSAR intake, triage, and response workflows in compliance with statutory deadlines (30 days under GDPR; 45 days under CPRA), including coordination with business and legal stakeholders.

  • Maintain and refresh the subprocessor listing in alignment with client Data Processing Agreement commitments and GDPR Article 28 obligations.

Data Protection Impact & Risk

  • Design, operationalize, and continuously improve the Data Protection Impact Assessment (DPIA) process; embed DPIA requirements into product, data, and business initiative workflows.

  • Support the DPO operational function, including regulatory correspondence readiness, breach notification preparedness, and supervisory authority interface support in coordination with Legal.

  • Partner with Security, Engineering, Product, Legal, and Data Governance teams to embed privacy by design and by default into key business initiatives.

Regulatory Compliance & Monitoring

  • Review and support the negotiation of Data Processing Agreements and data transfer mechanisms (SCCs, UK IDTAs) in collaboration with Legal.

  • Monitor the global privacy regulatory landscape and assess the impact of new and evolving requirements on Benevity’s operations and client commitments.

  • Support multi-entity privacy obligations across Benevity’s partner ecosystem, including jurisdiction-specific compliance requirements and data processing documentation.

Tooling & Operational Delivery

  • Maintain and enhance privacy workflows in GRC platforms (e.g., OneTrust Privacy module) to automate and streamline compliance operations at scale.

  • Deliver executive-ready privacy reports, risk insights, and dashboards to inform leadership decision-making.

  • Leverage AI tools and automation as a force multiplier, accelerating DSAR triage, regulatory horizon scanning, policy drafting, and evidence workflows to scale program output without scaling headcount.

Advisory & Awareness

  • Design and deliver privacy awareness and training programs to build a culture of data protection across Benevity.

  • Serve as a cross-functional privacy advisor, partnering with teams across the organization to embed privacy requirements into products, services, and operational decisions.

What you’ll bring:

  • 5+ years of experience in privacy, data protection, GRC, or a closely related field, ideally within a SaaS or high-growth technology environment.

  • Deep, practical knowledge of global privacy frameworks, including GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, and CASL, with working familiarity of emerging regimes (India DPDP, Swiss FADP, AU Privacy Act reforms).

  • Hands-on experience building and maintaining ROPAs under both controller and processor regimes, managing DSAR workflows, conducting DPIAs, and maintaining subprocessor inventories.

  • Experience supporting or operating within a DPO function, including regulatory interface and breach notification processes.

  • Proven ability to review and support the negotiation of Data Processing Agreements and data transfer mechanisms in collaboration with Legal.

  • Hands-on experience with privacy or GRC tooling (e.g., OneTrust Privacy module, Hyperproof, or equivalent) to operationalize compliance workflows at scale.

  • Ability to communicate complex privacy and regulatory concepts clearly to technical, legal, and business audiences.

  • A demonstrated interest and track record in leveraging AI and automation as a force multiplier, streamlining privacy operations, accelerating routine workflows, and expanding program capacity without proportional headcount growth.

  • Certifications such as CIPP/E, CIPP/US, or CIPM are highly valued; CIPT, CISM, or CRISC are also welcomed.

Discover your purpose at work

We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …

Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.

If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …

It’s time to join Benevity. We’re so excited to meet you.

Where We Work

At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.

Join a company where DEIB isn’t a buzzword

Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.

We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.

That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.

Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to [email protected].

Skills Required

  • 5+ years of experience in privacy, data protection, GRC, or closely related field
  • Deep practical knowledge of GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, and CASL with familiarity of emerging regimes (India DPDP, Swiss FADP, AU Privacy Act)
  • Hands-on experience building and maintaining Records of Processing Activities (ROPA) under controller and processor regimes
  • Experience managing DSAR intake, triage, and response workflows and meeting statutory deadlines
  • Experience designing, operationalizing, and improving Data Protection Impact Assessment (DPIA) processes
  • Experience maintaining subprocessor inventories and subprocessor governance aligned with GDPR Article 28
  • Experience supporting or operating within a DPO function, including regulatory correspondence and breach notification processes
  • Proven ability to review and support negotiation of Data Processing Agreements and data transfer mechanisms (SCCs, UK IDTAs) with Legal
  • Hands-on experience with privacy or GRC tooling (e.g., OneTrust Privacy module, Hyperproof, or equivalent)
  • Ability to communicate complex privacy and regulatory concepts clearly to technical, legal, and business audiences
  • Demonstrated interest and track record in leveraging AI and automation to streamline privacy operations
  • Experience in SaaS or high-growth technology environments (ideal)
  • Certifications such as CIPP/E, CIPP/US, CIPM (highly valued); CIPT, CISM, or CRISC welcomed
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Calgary, Alberta
818 Employees
Year Founded: 2008

What We Do

Benevity is the global social impact software with an all-in-one platform for corporate grantmaking, volunteering, giving, micro-actions and employee resource groups. A certified B Corporation and recognized in Fortune's Impact 20, we empower iconic brands to attract, retain and engage diverse workforces, embed social action in customer experiences, support communities and understand their impact in the world. Since our inception, Benevity has helped businesses around the world donate over $14 billion, track 72 million volunteer hours and support communities with over $19 billion in grants

Similar Jobs

Tapestry - Coach and Kate Spade Logo Tapestry - Coach and Kate Spade

Assistant Store Leader

eCommerce • Fashion • Retail • Sales • Wearables • Design
Hybrid
Rocky View County, AB, CAN
16000 Employees
25K-31K Hourly

Zapier Logo Zapier

Automation Strategist, Customer Success

Artificial Intelligence • Productivity • Software • Automation
In-Office or Remote
3 Locations
800 Employees
119K-238K Annually

Inspiren Logo Inspiren

Senior Data Scientist

Artificial Intelligence • Hardware • Healthtech • Software
Easy Apply
In-Office or Remote
3 Locations
150 Employees
170K-200K Annually

Samsara Logo Samsara

Sr. Data Ops Engineer

Artificial Intelligence • Cloud • Computer Vision • Hardware • Internet of Things • Software
Easy Apply
Remote or Hybrid
Canada
4000 Employees
113K-146K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account