Manager, Privacy Compliance

Klaviyo

Job Location:

Boston, NH - USA

Monthly Salary: Not Disclosed
Posted on: 17 days ago
Vacancies: 1 Vacancy

Job Summary

About the team and role:

Klaviyo's Legal Privacy team is responsible for Klaviyo's privacy strategy and for keeping the company's products, operations, and go-to-market practices aligned with privacy laws and regulations worldwide. The Senior Manager, Legal Compliance - Privacy will serve as a senior subject matter expert on privacy compliance across the company, partnering with Product, Engineering, Marketing, Security, and Customer Experience teams to operationalize privacy requirements in a fast-moving B2C CRM platform environment. Reporting directly to the Sr. Director, Legal Privacy, this role combines strategic privacy program ownership with hands-on compliance execution, covering the full lifecycle of Klaviyo's customer data handling across company products and services. The Senior Manager will help drive Klaviyo's privacy-by-design culture, support compliance with U.S. and international privacy frameworks, and contribute to the company's approach to AI governance as Klaviyo's AI-powered capabilities continue to grow.

How you'll make a difference:

Privacy Program Management

  • Own and execute a 6-12 month privacy compliance work plan aligned with broader Legal and company KPIs, identifying opportunities to drive measurable impact.
  • Lead compliance readiness efforts for new and evolving U.S. state privacy laws (CCPA/CPRA), FTC requirements, and international privacy regulations (GDPR, UK Data Protection Act, PECR, PIPEDA, and emerging frameworks).
  • Monitor legislative and regulatory developments across jurisdictions, assess applicability to Klaviyo's products and operations.
  • Develop, maintain, and improve privacy policies, procedures, records of processing activities (RoPAs), and internal documentation to demonstrate compliance with applicable laws.

Privacy by Design and Product Counseling

  • Working closely with Product Counsel, serve as the primary privacy compliance advisor to Product, Engineering, and Data teams, embedding privacy-by-design principles into Klaviyo's product development lifecycle, including new features, AI/ML capabilities, data integrations, and platform changes.
  • Conduct and oversee privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) for high-risk processing activities, new product launches, and third-party integrations.

Cross-Functional Partnership and Stakeholder Engagement

  • Communicate with key stakeholders cross-functionally to deliver a unified global privacy compliance experience for the business.
  • Partner with Security, IT, and Data Governance teams on controls frameworks, data mapping, data retention schedules, and incident response protocols.
  • Support the negotiation and review of data processing agreements (DPAs) and privacy-related contractual terms with vendors, partners, and enterprise customers.
  • Build and leverage strong relationships with leaders and partners across the company to secure buy-in, manage issues, and drive results on privacy initiatives.

Data Subject Rights and Incident Response

  • Oversee processes for data subject rights requests (access, deletion, correction, opt-out) to ensure timely and compliant responses at scale.
  • Support privacy incident and data breach response, including investigation, documentation, root-cause analysis, remediation, and regulatory reporting as needed.

AI Governance

  • Contribute to Klaviyo's approach to responsible AI governance, advising on privacy and data protection considerations for AI-powered features.
  • Monitor emerging AI-related privacy regulations and guidance (EU AI Act, FTC AI enforcement trends, state AI legislation) and assess their applicability to Klaviyo's products and services.

Training, Reporting, and Continuous Improvement

  • Design and deliver privacy training and awareness programs tailored to different business functions (Engineering, Marketing, Customer Support and Success, Sales).
  • Maintain accountability for key privacy compliance metrics (DSR response times, assessment completion rates, training completion, incident resolution timelines) and report on program performance to senior leadership.
  • Proactively engage with external networks (IAPP, industry peer groups, privacy forums) to stay current on best practices, developing trends, and solutions to emerging issues.
  • Set the standard for resolving urgent compliance issues effectively, continuously implementing systematic improvements to reduce recurring issues over time.
  • Perform other related duties as assigned.

Who you are:

  • You have deep expertise in global data privacy and protection law, including GDPR, CCPA/CPRA, PECR, CAN-SPAM, and emerging U.S. state privacy statutes, with the ability to apply them pragmatically to a technology platform business.
  • You are a seasoned professional with a full understanding of privacy compliance as a specialization and can identify organizational risks proactively.
  • You are comfortable operating at both strategic and operational levels, moving from program roadmap planning to hands-on policy drafting, assessment execution, and stakeholder advising in the same day.
  • You communicate clearly and effectively across functions, teaching others how to think about privacy and building a collaborative privacy culture.
  • You challenge to ensure excellence, can disagree and commit, and are able to deliver tough messages to senior internal and external partners when needed.
  • You have strong project management skills, with a track record of building and executing multi-month work plans across cross-functional teams.
  • You are familiar with privacy management tools and technologies (e.g., OneTrust, Transcend, or similar), GRC platforms, and workflow/ticketing systems.
  • You bring a technology-forward mindset, including comfort with AI/ML concepts and an interest in leveraging automation to improve compliance program efficiency.
  • You function well in a high-paced environment and can prioritize tasks and delegate appropriately.
  • Proficient with Microsoft Office Suite, Google Workspace, Slack, or related productivity software.

Education and Experience:

  • Bachelor's degree required; J.D., CIPP/US, CIPP/E, CIPM, or CIPT certification strongly preferred.
  • 7 years of experience in privacy, data protection, compliance, or a related legal function, with at least 2 years focused on privacy compliance in a technology or SaaS company.
  • Experience with privacy compliance in a B2C or direct-to-consumer context, including marketing and communications channels (email, SMS, push), is highly preferred.
  • Experience with privacy-by-design reviews, DPIAs, and data subject rights processes at scale preferred.
  • Prior experience at a publicly traded company is a plus.

We use Covey as part of our hiring and/or promotional process. For jobs or candidates in NYC, certain features may qualify it as an AEDT. As part of the evaluation process, we provide Covey with job requirements and candidate-submitted applications. We began using Covey Scout for Inbound on April 3, 2025.

Please see the independent bias audit report covering our use of Covey here


Required Experience:

Manager

About Company

Klaviyo unifies AI-powered email marketing and SMS to drive growth, retention, and measurable results. Build personalized, omnichannel experiences across WhatsApp, ecommerce, and more with K:AI Agents.