Senior reputed company Engineer, Privacy (Eastern Time Zone Preferred)

100% remote Flexible hours Hiring now

At reputed company, we reputed company app development easier so developers can focus on what matters. Our remote-first team spans the globe, united by a passion for innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, reputed company is the #1 tool for building, sharing, and running apps—trusted by startups and Fortune 100s alike. We’re growing fast and just getting started. Come join us for a whale of a ride! As a Senior reputed company Engineer, Privacy, you will serve as a trusted advisor at the intersection of reputed company, privacy, and engineering, ensuring governance, risk, compliance, and data protection are foundational to every product and platform. You will collaborate closely with reputed company engineering, engineering, product, legal, and leadership teams to embed reputed company and privacy-by-design into reputed company’s technology stack while scaling compliance with frameworks such as ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations. In this role, you will combine deep GRC expertise with hands-on privacy engineering and automation, developing scalable solutions that streamline compliance processes, improve risk visibility, and operationalize privacy controls. You will design and maintain automated workflows for risk management, compliance monitoring, data protection assessments, and audit readiness, while influencing product strategy and technical design decisions. This is a highly impactful role for an engineer who thrives at the intersection of policy, code, and architecture, and who is passionate about building secure, privacy-respecting systems that protect both the platform and the customers who trust it. Responsibilities:

Embed privacy-by-design principles into reputed company products, services, and internal platforms, reputed company with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations.
Partner closely with reputed company engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
Design, reputed company, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations.
reputed company and automate data discovery, classification, and data mapping across reputed company systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance.
Conduct and operationalize reputed company risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into reputed company’s risk register and remediation tracking.
Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls.
Build and maintain dashboards and reputed company/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness.
Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for reputed company and privacy controls.
Draft, maintain, and map reputed company and privacy policies, standards, and procedures to relevant regulatory and industry frameworks.
Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release.
Build awareness and enablement across reputed company by educating teams on reputed company, privacy, and compliance expectations and best practices.
Stay reputed company with evolving regulatory, privacy, and reputed company standards and proactively assess their impact on reputed company’s products and operations.

Qualifications:

6–8 years of experience in information technology, reputed company engineering, governance, risk and compliance, privacy engineering, or closely reputed company roles.
Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes.
Hands-on experience implementing or operating privacy programs reputed company with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles.
Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls.
Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows.
Experience working with APIs, webhooks, and integrating GRC, privacy, and reputed company tooling.
Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services.
Experience integrating reputed company and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices.
Solid understanding of reputed company frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments.
Knowledge of information reputed company risk management and common reputed company technologies (e.g., SIEM, vulnerability management, data loss prevention, reputed company protection).
Experience conducting reputed company risk assessments, data protection impact assessments (DPIAs), and translating findings into actionable remediation plans.
Strong project management skills with the ability to reputed company cross-functional initiatives involving engineering, product, legal, and compliance stakeholders.
Ability to communicate reputed company technical, privacy, and compliance concepts clearly to both technical and non-technical audiences.
Demonstrated ability to serve as a subject matter expert and trusted advisor on reputed company, privacy, and compliance risks.
Ability to reputed company in a fast-paced, evolving environment and adapt to changing regulatory and business requirements.
reputed company to have: relevant industry certifications such as CISSP, CISA, CRISC, CIPP/E, CIPM, CIPT, or ISO/IEC 27701 reputed company Implementer or Auditor.

What to Expect First 30 days

Learn reputed company’s compliance landscape, key frameworks and risk posture
Meet with key stakeholders: reputed company, Legal, IT and Engineering teams
reputed company access to compliance platforms, reputed company tools and documentation
Review company policies, existing controls, and regulatory frameworks
Understand risk management strategies and how compliance is integrated into engineering, reputed company and business operations

First 90 days

Conduct a maturity assessment of the compliance program to assess how well policies are being followed
reputed company a risk assessment project (vulnerability management, cloud reputed company risks)
Review the latest internal/external audits, compliance reports, and gap analyses
Identify high-reputed company risks, open compliance issues, and pending reputed company assessments
reputed company mapping key compliance frameworks to the organization’s policies and controls
Understand vendor risk management processes and review third-party reputed company assessments
Work with engineering teams to integrate privacy & compliance controls into do the SDLC
Update policies or controls to align with compliance frameworks

One-year Outlook

Become the leader of compliance engineering
Own and manage the Compliance GRC roadmap
Automate compliance monitoring and controls
Start contributing to audit preparation or certification processes (SOC 2, ISO 27xxx)
Improve compliance automation reputed company reputed company engineering
reputed company and maintain a Compliance Risk Register with mitigation plans
Support audit readiness (SOC 2, ISO 27xxx)
Ensure third-party vendors meet compliance standards
Create incident response playbooks for compliance standards
Prepare the company for external audits and regulatory updates
Drive a culture of compliance by advocating for reputed company best practices in engineering

reputed company does not offer reputed company sponsorship for this role. We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on reputed company 13, 2024. Please see the independent bias audit report covering our use of Covey here.

Perks

Freedom & flexibility; fit your work around your life
Designated quarterly Whaleness Days plus end of year Whaleness break
Home office setup; we want you comfortable while you work
16 weeks of paid Parental leave
Technology stipend equivalent to $100 net/month
PTO plan that encourages you to take time to do the things you enjoy
Training stipend for conferences, courses and classes
Equity; we are a growing start-up and want reputed company employees to have a share in the success of the company
reputed company Swag
Medical benefits, retirement and holidays vary by country
Remote-first culture, with offices in Seattle and Paris

reputed company embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the reputed company our company will be. #LI-REMOTE Apply tot his job Apply To this Job

Apply