Senior Privacy Specialist

Customers trust the Alation Data Intelligence Platform for self-service analytics, cloud transformation, data governance, and AI-ready data, fostering data-driven innovation at scale. With more than $340M in funding – valued at over $1.7 billion and nearly 600 customers, including 40% of the Fortune 100 — Alation helps organizations realize value from data and AI initiatives.

Alation has been recognized in 2024 as one of Inc. Magazine's Best Workplaces for the fifth time, a testament to our commitment to creating an inclusive, innovative, and collaborative environment. 

Collaboration is at the forefront of everything we do. We strive to bring diverse perspectives together and empower each team member to contribute their unique strengths to live out our values each day. These are: Move the Ball, Build for the Long Term, Listen Like You’re Wrong, and Measure Through Customer Impact. 

Joining Alation means being part of a fast-paced, high-growth company where every voice matters, and where we’re shaping the future of data intelligence with AI-ready data. 

Join us on our journey to build a world where data culture thrives and curiosity is celebrated each day!

Job Description:

Alation is seeking a detail-oriented and experienced senior privacy professional who will play a pivotal role in ensuring the company’s privacy strategy is robust, compliant, and aligned with industry best practices. This role will drive the implementation of ISO 27018, manage the existing ISO 27701 certification, and build and lead the development of the company's privacy program to ensure compliance with GDPR, CCPA, and CPRA. This role requires deep expertise in privacy regulations, SaaS environments, and cloud-based systems.

You will collaborate with cross-functional teams, including Legal, Security, IT, Product, Engineering, and Marketing, to assess, implement, and maintain privacy controls across our platforms and operations.

What You’ll Do:

ISO 27018 Implementation:

• Lead the implementation of ISO 27018:2019 standard, ensuring that privacy controls are integrated within the Information Security Management System (ISMS).

• Collaborate with the relevant teams to identify, mitigate, and monitor privacy risks.

• Provide guidance to internal stakeholders to ensure adherence to privacy-related requirements under ISO 27018.

ISO 27701 Certification Management:

• Oversee the maintenance and continuous improvement of the company’s ISO 27701 certification.

• Manage internal and external audits, ensuring compliance with ISO 27701’s information security management practices.

• Develop and implement corrective actions based on audit findings and security assessments.

Privacy Program Development & Management:

• Build and mature the company’s privacy program to ensure compliance with global privacy laws, including GDPR, CCPA, and CPRA.

• Lead and manage data privacy impact assessments (DPIAs) for new projects, products, and services.

• Advise the company on best practices related to data retention, user consent management, data breach notification, and privacy by design.

Global Privacy Compliance:

• Ensure compliance with GDPR, CCPA, and CPRA requirements, as well as other emerging privacy regulations across key markets.

• Monitor regulatory developments and provide proactive recommendations for compliance adjustments.

• Design, develop, and implement company-wide privacy policies and procedures to ensure compliance across the business.

Cross-Functional Collaboration & Training:

• Work closely with legal, product, security, and engineering teams to integrate privacy and security controls into product development cycles.

• Lead privacy awareness and training programs for employees, ensuring alignment with evolving privacy laws and company policy.

Third-Party Risk Management:

• Conduct privacy assessments and manage third-party privacy and data protection risk, ensuring vendors comply with privacy standards and contractual obligations.

• Work with legal and procurement teams to draft privacy and data protection provisions in vendor contracts.

Incident Response & Breach Management:

• Lead the company’s response to data breaches or privacy incidents, including notifications to regulators and affected individuals as necessary.

• Maintain breach documentation and assess root causes to mitigate future risks.

What You Need:

Education & Certifications:

• Bachelor’s or Master’s degree in Law, Information Security, Privacy, or a related field.

• Relevant certifications such as CIPP/E, CIPM, ISO 27001 Lead Implementer, or similar privacy/security certifications are preferred.

Experience:

• 5-7 years of experience in privacy compliance, focusing on SaaS, cloud-based environments, and international privacy laws.

• Proven experience driving ISO 27018 implementation and managing ISO 27701 certification.

• In-depth knowledge of GDPR, CCPA, CPRA, and other global data protection laws.

• Strong understanding of privacy practices in a cloud-based, SaaS environment and experience implementing privacy programs for such platforms.

• Experience in managing third-party privacy risk and contract negotiations.

• Prior experience in incident response, including handling data breach notifications and regulatory reporting.

• Experience in working within a fast-moving startup environment, with the ability to right-size the privacy program according to business needs.

• Proven ability to drive initial buy-in and ongoing engagement from stakeholders who may have varying levels of familiarity with privacy requirements.

• Demonstrated flexibility in balancing an ideal privacy posture with practical implementation for a budget-conscious organization.

• Hands-on experience with OneTrust for cookie consent management is highly desirable.

Skills:

• Strong knowledge of privacy frameworks, risk management, and compliance processes.

• Excellent project management skills, with the ability to manage multiple priorities in a fast-paced environment.

• Strong communication and interpersonal skills, with the ability to influence and engage stakeholders at all levels.

• Ability to analyze complex privacy challenges and provide clear, actionable recommendations.

Preferred:

• Experience in a global, high-growth SaaS or tech company.

• Familiarity with cloud platforms (AWS, Azure, GCP) and their data security/privacy implications.

• Expertise in privacy technology solutions and tools for consent management, data mapping, and DPIA, like OneTrust.

• Experience in working with legal teams on data protection contracts and privacy terms.

#LI-JD1

Alation, Inc. is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regards to that individual’s race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender identity, age, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.                                   
 

The Company will strive to provide reasonable accommodations to permit qualified applicants who have a need for an accommodation to participate in the hiring process (e.g., accommodations for a job interview) if so requested.  
 

This company participates in E-Verify. Click on any of the links below to view or print the full poster. E-Verify and Right to Work.