About your role
Rocket Lawyer's customer data is the company's most important asset, and we need to continue maintaining the security and privacy of this data to ensure delighted customers and a successful business. As a seasoned data security and privacy engineer, you will play a critical role in designing, building, and scaling the systems, processes, and controls that protect the company and our users' data and ensure trust in our products. Working as part of the Security team, you will partner closely with Engineering, Legal, and cross-functional stakeholders to embed privacy-by-design principles into our infrastructure and translate regulatory requirements into scalable technical solutions. You'll bring to the role a passion for architecting and operating a secure data storage system.
This is a hands-on role for a senior individual contributor who thrives at the intersection of security, privacy, and data infrastructure. You will shape how we discover, classify, and protect information, lead privacy risk mitigation efforts, and help evolve our data security capabilities as the company grows and our AI product flourishes. The ideal candidate will be a seasoned data security and privacy expert with exposure to AI-integrated systems to understand the complexities of data security as it relates to AI.
How you will make a difference day to day
Data Discovery, Classification, and Mapping
Design and implement data classification and handling frameworks to provide appropriate protection throughout the data lifecycle.
Build and maintain comprehensive data inventories and data flow maps, identifying where data resides and how it is processed across systems.
Collaborate with Engineering teams to apply appropriate controls at every point in the data pipeline.
Understand the need for encryption, implement it where possible, and implement all appropriate safeguards to ensure keys are both kept secure and available, to prevent data exfiltration and loss.
Privacy by Design and Technical Enablement
Partner with Engineering, Legal, Product, IT, and other cross-functional stakeholders to design and embed privacy and data protection principles across the entire organization, from product development to operations.
Partner with Stakeholders to translate legal and regulatory obligations into actionable technical requirements, policies, and controls.
Develop privacy-enhancing capabilities such as data minimisation, anonymisation, and access-control frameworks that scale with our infrastructure.
Work with AI teams to ensure that architectural designs are reviewed and threat modeled to minimize data privacy risk.
Risk Assessment, Monitoring, and Compliance Execution
Conduct technical risk assessments of internal and third-party systems and applications to identify, evaluate, and mitigate privacy and data security risks, including vulnerabilities, misuse, and compliance gaps.
Contribute to Data Protection Impact Assessments (DPIAs) by assessing the technical and security implications of new processing activities.
Partner with Legal to transform evolving regulatory frameworks (e.g., SOC2, GDPR, CCPA, NIST, ISO) into secure, scalable engineering solutions that drive compliance and build user trust.
Incident Response and Breach Management
Support and coordinate the company's technical response to data breaches or security incidents, including those impacting personal information (Incidents), enabling timely investigation, effective mitigation, and root-cause analysis.
Design and implement processes and tooling to detect, investigate, and remediate data security incidents in compliance with applicable laws.
Privacy Automation and Process Enablement
Partner with Stakeholders to design and implement automated workflows and tools to streamline privacy operations, including data subject rights requests and data deletion workflows.
Deploy and manage data loss prevention (DLP) capabilities across endpoints, applications, and infrastructure to prevent unauthorised disclosure of sensitive data.
Implement continuous auditing, monitoring, and alerting to track compliance posture and surface security and operational privacy risks proactively.
Cross-Functional Collaboration and Enablement
Act as a trusted advisor to Stakeholders on the technical implementation of privacy and security controls.
Provide strategic input on product design decisions and architectural choices to enable alignment with privacy and security best practices.
Partner with cross-functional teams to develop and execute vendor risk assessments as they relate to data security, establishing processes that address technical security and privacy requirements across the entire vendor lifecycle.
Additional Responsibilities
Collaborate with Legal on technical aspects of contractual reviews with enterprise customers, partners, vendors, and other third parties.
Assist with answering vendor security questionnaires as they relate to Rocket Lawyer's privacy and data-handling policies.
Contribute to the development of internal policies, standards, and procedures based on technical best practices.
What you'll need
5 years of hands-on experience in information security, privacy engineering, or related roles.
Strong understanding of global data protection laws and regulations (e.g., GDPR, CCPA) and their technical implications.
Proven experience in incident response, data protection engineering, and risk assessments.
Familiarity with data classification, mapping, and governance methodologies.
Experience with at least one software data classification technology such as a DSPM.
Experience with DLP technologies and implementing privacy workflows and automation.
Familiarity with workflow automation tools and ticketing systems (e.g., Jira, ServiceNow).
Experience in using third-party privacy automation tooling is a plus.
Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams.
Industry certifications (e.g., CISSP, CISA, CISM) are a plus.
Not sure if you meet all the qualifications? Apply anyway! We value diverse experiences and encourage you to bring your unique talents to our team!
Benefits & Perks
Interview Process
Actual compensation packages are determined by various factors unique to each candidate, including but not limited to skill set, depth of experience, certifications, specific work location, and performance during the interview process.
$128,887 - $189,540 USD
By applying for this position, your data will be processed as per Rocket Lawyer.
Required Experience:
IC