Job Description
Iterable is the leading AI-powered customer engagement platform that helps leading brands like Redfin, SeatGeek, Priceline, Calm, and Box create dynamic, individualized experiences at scale. Our platform empowers organizations to activate customer data, design seamless cross-channel interactions, and optimize engagement—all with enterprise-grade security and compliance. Today, nearly 1,200 brands across 50+ countries rely on Iterable to drive growth, deepen customer relationships, and deliver joyful customer experiences.
Our success is powered by extraordinary people who bring our core values—Trust, Growth Mindset, Balance, and Humility—to life. We foster a culture of innovation, collaboration, and inclusion, where ideas are valued and individuals are empowered to do their best work. That’s why we’ve been recognized as one of Inc’s Best Workplaces and Fastest Growing Companies, and were recognized on Forbes’ list of America’s Best Startup Employers in 2022. Notably, Iterable has also been listed on Wealthfront’s Career Launching Companies List and has held a top 10 ranking on the Top 25 Companies Where Women Want to Work.
With a global presence—including offices in San Francisco, New York, Denver, London, and Lisbon, plus remote employees worldwide—we are committed to building a diverse and inclusive workplace. We welcome candidates from all backgrounds and encourage you to apply. Learn more about our story and mission on our Culture and About Us pages. Let’s shape the future of customer engagement together!
The Role
The Senior GRC Privacy Analyst sits within the Security Governance, Risk, and Compliance (GRC) team and plays a key role in advancing Iterable’s privacy program and supporting the organization’s security and compliance risk management efforts.
This hands-on, senior individual contributor is responsible for privacy operations and participates in rotational responsibilities, including third-party risk reviews, audit support, and customer trust and privacy inquiries. The role partners closely with Legal, the DPO, Security, Product, and business teams to ensure privacy and security risks are identified, assessed, and managed consistently, in alignment with privacy and regulatory requirements.
Key Responsibilities:
Lead privacy operations within the Security GRC function by developing, implementing, and maintaining privacy program processes and documentation, including:
Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)
Records of Processing Activities (ROPA) and data inventories
Data Subject Access Requests (DSARs), in coordination with Legal, HR, and Marketing
Privacy and compliance risk assessments aligned with GDPR, CCPA/CPRA, HIPAA, and other applicable global privacy laws
Support privacy-by-design practices by embedding privacy considerations into GRC workflows, risk assessments, and third-party reviews
Support the privacy risk register by providing input and context on privacy and security risks, and ensure key stakeholders, including Legal, the DPO, and business teams, are kept informed of risk status and updates
Assist with third-country data transfer risk assessments (Transfer Impact Assessments), Legitimate Interest Assessments (LIAs), and related privacy evaluations in consultation with Legal and the DPO
Participate in GRC rotational responsibilities, including third-party security and privacy vendor reviews and support for internal and external audits (e.g., SOC 2, ISO 27001), including evidence collection and remediation tracking
Provide rotational support for customer trust and privacy inquiries, partnering with Sales and Customer Success on customer-requested DPIAs, privacy questionnaires, and data protection assessments
Collaborate cross-functionally with Legal, the DPO, Product, Engineering, Security, and business teams to operationalize privacy and security requirements in a scalable, risk-based manner by providing innovative solutions and au ... (truncated, view full listing at source)