Iterable is the leading AI-powered customer engagement platform that helps leading brands like Redfin, SeatGeek, Priceline, Calm, and Box create dynamic, individualized experiences at scale. Our platform empowers organizations to activate customer data, design seamless cross-channel interactions, and optimize engagement, all with enterprise-grade security and compliance. Today, nearly 1200 brands across 50 countries rely on Iterable to drive growth, deepen customer relationships, and deliver joyful customer experiences.
Our success is powered by extraordinary people who bring our core values (Trust, Growth Mindset, Balance, and Humility) to life. We foster a culture of innovation, collaboration, and inclusion, where ideas are valued and individuals are empowered to do their best work. That's why we've been recognized as one of Inc's Best Workplaces and Fastest Growing Companies, and were recognized on Forbes' list of America's Best Startup Employers in 2022. Notably, Iterable has also been listed on Wealthfront's Career Launching Companies List and has held a top 10 ranking on the Top 25 Companies Where Women Want to Work.
With a global presence, including offices in San Francisco, New York, Denver, London, and Lisbon, plus remote employees worldwide, we are committed to building a diverse and inclusive workplace. We welcome candidates from all backgrounds and encourage you to apply. Learn more about our story and mission on our Culture and About Us pages. Let's shape the future of customer engagement together!
The Role
The Senior GRC Privacy Analyst sits within the Security Governance, Risk, and Compliance (GRC) team and plays a key role in advancing Iterable's privacy program and supporting the organization's security and compliance risk management efforts.
This hands-on, senior individual contributor is responsible for privacy operations and participates in rotational responsibilities, including third-party risk reviews, audit support, and customer trust and privacy inquiries. The role partners closely with Legal, the DPO, Security, Product, and business teams to ensure privacy and security risks are identified, assessed, and managed consistently in alignment with privacy and regulatory requirements.
Key Responsibilities:
- Lead privacy operations within the Security GRC function by developing, implementing, and maintaining privacy program processes and documentation, including:
  - Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)
  - Records of Processing Activities (ROPA) and data inventories
  - Data Subject Access Requests (DSARs), in coordination with Legal, HR, and Marketing
  - Privacy and compliance risk assessments aligned with GDPR, CCPA/CPRA, HIPAA, and other applicable global privacy laws
- Support privacy-by-design practices by embedding privacy considerations into GRC workflows, risk assessments, and third-party reviews
- Support the privacy risk register by providing input and context on privacy and security risks, and ensure key stakeholders, including Legal, the DPO, and business teams, are kept informed of risk status and updates
- Assist with third-country data transfer risk assessments (Transfer Impact Assessments), Legitimate Interest Assessments (LIAs), and related privacy evaluations in consultation with Legal and the DPO
- Participate in GRC rotational responsibilities, including third-party security and privacy vendor reviews and support for internal and external audits (e.g., SOC 2, ISO 27001), including evidence collection and remediation tracking
- Provide rotational support for customer trust and privacy inquiries, partnering with Sales and Customer Success on customer-requested DPIAs, privacy questionnaires, and data protection assessments
- Collaborate cross-functionally with Legal, the DPO, Product, Engineering, Security, and business teams to operationalize privacy and security requirements in a scalable, risk-based manner by providing innovative solutions and automation initiatives
The Ideal Candidate Will Be/Have:
- Strong experience with GDPR and global privacy operations in a SaaS or technology environment
- Hands-on experience with PIAs/DPIAs, ROPA, DSARs, and privacy risk assessments
- Experience with third-party risk management and security reviews
- Experience supporting customer trust and privacy inquiries
- Ability to analyze complex privacy and security issues and provide clear, actionable recommendations
- Familiarity with SOC 2, ISO 27001, and ISO 27701 audit processes
- Strong cross-functional communication and stakeholder management skills, including the ability to explain privacy and security risks to technical and non-technical audiences
- Highly organized, with strong attention to detail and the ability to manage multiple priorities under tight deadlines
Nice to have/Bonus Points:
- Privacy certifications (CIPP/E, CIPP/US, CIPM, or similar)
- Experience with US state privacy laws (HIPAA, CCPA, and others)
- Experience working at a SaaS company
What we offer
- Competitive salaries & meaningful equity
- Private Medical Insurance
- Life/Risk Assurance
- Meal Allowance: 8.55 per day
- Community Days (days for us to give back to the community)
- Paid Annual Leave (22 days)
- Global Lifestyle Reimbursement Account
- Paid Sabbatical
- Complete laptop workstation
Recruitment Disclaimer:
Please be aware that Iterable Inc. (Iterable) and our official professional recruiting agencies and platforms do not:
- Send job offers from free email services like Gmail, Yahoo mail, Hotmail, etc.
- Request money, fees, or payment of any kind from prospective candidates to apply to Iterable for employment or for the recruitment process (e.g., for home office supplies or training, etc.).
- Request or require personal documents like bank account details, tax forms, or credit card information as part of the recruitment process prior to the candidate signing an engagement letter or an employment contract with Iterable.
You may see all job vacancies on our official Iterable channels:
Required Experience:
Senior IC