Manager, Privacy Compliance
AffirmYou'll be redirected to the original listing.
Description
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
About the Team:
Affirm’s Compliance organization supports the company’s risk management framework across all three lines of defense, partnering with teams throughout the business to promote a strong culture of compliance and effective risk management. The Privacy Compliance team sits within the second line of defense and is responsible for the independent oversight and governance of Affirm’s privacy compliance program. The team partners closely with Legal, Product, Engineering, Operations, and other business functions to establish policies, standards, and control expectations, monitor compliance with regulatory requirements, and provide independent challenge to help ensure privacy risks are effectively managed while maintaining second-line independence.
About the Role:
The Compliance Manager, Privacy operates within the second line of defense and is responsible for oversight and governance of the Privacy compliance program. This role translates legal and regulatory requirements into policies, standards, and control expectations, and provides independent monitoring and challenge to support effective implementation by first-line teams.
In alignment with the company’s privacy operating model, Legal retains responsibility for regulatory interpretation and legal advisory, while Product, Engineering, and Operations own the implementation and execution of controls. This role partners with those teams to drive compliant outcomes while maintaining second-line independence.
This role does not serve as a designated Data Protection Officer (DPO) and does not hold regulatory accountability for statutory privacy roles.
What You’ll Do:
- Support oversight of the existing Privacy compliance program across jurisdictions, with primary focus on U.S. requirements and alignment to global privacy obligations, where required suggest improvements.
- Translate Legal guidance and regulatory requirements into policies, standards, and control expectations, ensuring clear articulation of compliance requirements for first-line teams.
- Provide oversight and maintain existing governance frameworks and standards for core privacy program areas, including:
- Data subject rights (DSAR) processes and SLAs
- Data protection impact assessment (DPIA) governance and documentation standards
- Consent and preference management expectations
- Data retention and deletion requirements
- Partner with Product and Engineering to advise on and review the design and implementation of privacy controls, ensuring alignment to regulatory expectations while maintaining second-line independence.
- Provide independent oversight and effective challenge of first-line privacy control environments, including review of control design, identification of gaps, and tracking of remediation actions.
- Oversee privacy incident and breach response processes from a governance perspective, including review of escalation, documentation, and outcomes, in coordination with Legal on notification requirements.
- Maintain privacy risk registers and support risk assessment processes, including DPIA oversight, issue identification, and remediation tracking.
- Monitor adherence to privacy requirements and control expectations, including data subject rights processes, consent management, and regulatory obligations, and escalate issues where gaps are identified.
- Support audits, regulatory examinations, and bank partner reviews by coordinating second-line input, reviewing materials, and tracking remediation actions.
- Produce and contribute to privacy monitoring and governance reporting, including metrics …
Related remote jobs