Commerce (Nasdaq: CMRC) empowers businesses to innovate, grow, and thrive through an open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we help brands unlock the full potential of their data, connect systems, and deliver seamless, personalized experiences across every channel. Visit commerce.com or follow us for more. #PoweredByCommerce
Senior Compliance & Privacy Program Manager
Location
United States
Posted
9 days ago
Salary
Not specified
Job Description
Role Description
We are seeking a Senior Privacy Program Manager / Lead to design, build, and operationalize a comprehensive privacy program that supports the company’s activities as both a data controller and a data processor, including the use of AI and data-driven technologies across commercial operations and product development.
- Build, own, and scale the company’s global privacy program, ensuring compliance with global regulations (GDPR, CCPA, PIPEDA, etc.).
- Define and implement governance frameworks that clearly operationalize our obligations as both a Data Controller and Data Processor.
- Develop privacy metrics, dashboards, and policies to measure program effectiveness and demonstrate accountability.
- Own and maintain core privacy operations, including Data Subject Access Requests (DSARs), Records of Processing Activities (RoPAs), data retention, and vendor risk management.
- Conduct comprehensive risk evaluations (PIAs, DPIAs, TIAs, LIAs) and data flow analyses across all internal systems and products.
- Serve as the privacy lead for incident response, internal audits, and customer due diligence inquiries.
- Partner closely with Product and Engineering to embed Privacy-by-Design and default principles directly into the software development lifecycle (SDLC).
- Evaluate new product builds and system designs for privacy risks, with a heavy focus on AI-enabled features, machine learning models, and automated decision-making tools.
- Assess AI-specific risks, including training data usage, data minimization, and downstream data exposure.
- Act as a trusted advisor to Sales, Marketing, Legal, and Security, translating complex regulatory requirements into practical, scalable business processes.
- Evaluate commercial activities (like AI-driven marketing and analytics) to ensure they align with our external commitments and public-facing privacy statements.
- Proactively identify and fix process gaps to reduce manual effort, minimize customer friction, and strengthen the company's overall trust posture.
Qualifications
- 5+ years in privacy, data protection, or compliance, with a strong operational grasp of global frameworks (GDPR, CPRA, PIPEDA, etc.).
- Proven track record of conducting PIAs/DPIAs, executing data mapping, and navigating privacy obligations as both a Data Controller and Data Processor.
- Experience assessing privacy and data protection risks specific to AI, machine learning, and complex data-driven systems (including automated decisioning/profiling).
- Excellent communication skills with the ability to translate complex privacy laws into practical, actionable guidance for both technical (Engineering/Product) and non-technical (Sales/Marketing) teams.
- Active privacy certifications (e.g., CIPM, CIPP/E, CIPP/US).
Requirements
- Working knowledge of IT security concepts, cloud data flows, the Software Development Life Cycle (SDLC), or basic data analysis/coding skills.
- Experience utilizing formal risk frameworks, driving process improvements, and managing workflows in tools like Jira, Asana, or Smartsheet.
- Demonstrated ability to review, draft, and amend privacy-related contracts or vendor agreements.
Benefits
- Pay Transparency Range: $104,000 - $156,000
- The exact salary will be dependent on the successful candidate’s location, relevant knowledge, skills, and qualifications.
Inclusion and Belonging
At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.