Senior Security, Compliance, and Privacy Manager
Posted on Friday, September 1, 2023
The Senior Security, Compliance, and Privacy Manager will be responsible for overseeing the development, implementation, and enforcement of the organization's privacy and compliance policies and procedures. As part of the engineering team, this role works closely with Business Operations and Engineering Leadership to establish compliance in Product Development, Data Analytics & Engineering, Security Operations, and Platform Operations. The ideal human has a strong understanding of data privacy laws, industry regulations, and best practices to ensure the organization's compliance. Additionally, the Security, Compliance, and Privacy Manager will be responsible for managing the organization's Business Continuity/Disaster Recovery (BC/DR) plan and Risk Register.
Right away, we’ve listed what we think you’ll be spending your time on. We’re growing fast, and growth means the challenges we’ll work on together will change as we lead Loop through new and different phases.
This is an indispensable role with us, so we’ll be looking for you to have examples of when you’ve tackled these challenges throughout your career. We’ve laid out the experience we think is important to set you up for success in this role. But, we appreciate that different humans will solve problems in different ways, so we don’t expect you to fit exactly in a box of requirements.
Loop HQ is a state-of-the-art office located in Columbus, Ohio, and more than half of our team works remotely across the United States and Canada. You can choose to join us in the Columbus office or stay fully remote in this role.
Priority #1: Plan and execute for the future of Loop’s Privacy and Compliance practice.
- Own the current state of compliance policies and procedures and develop the next phase in line with applicable laws and regulations.
- Drive and support Loop’s business goals while ensuring policies are effectively implemented, communicated, and understood by employees.
- Understand the needs of Loop’s partners and merchants to build sustainable processes and controls.
- Coordinate with different departments to integrate privacy and compliance considerations into their processes.
Priority #2: Monitor Compliance and Risk on behalf of the business and technical teams.
- Work with technical teams to automate visibility into our daily engineering operations.
- Conduct regular reviews and audits of the organization's data collection, storage, and use practices to ensure compliance with policies and regulations.
- Investigate and address any potential compliance issues, working with the relevant teams to implement corrective actions.
Priority #3: Own Loop’s privacy incident response process:
- Use your past experience to lead the organization's response to data breaches and other privacy incidents.
- Coordinate with legal, technical, and communication teams to investigate the incident, mitigate the damage, notify affected individuals, and report to regulators if required.
- Conduct privacy incident response tabletop exercises to test the organization's readiness and identify areas for improvement.
Priority #4: Provide Training and Education to the organization:
- Educate yourself on the latest industry trends, providing guidance on new privacy laws and regulations.
- Develop and deliver training programs for employees on privacy and compliance matters that relate to Loop’s business.
- Help employees understand their privacy obligations and how to protect personal data in their roles.
- Develop new privacy and compliance initiatives to support the highest standards for Loop and its merchants.
Priority #5: Manage BC/DR Plan and Risk Register:
- Take ownership of the organization's Business Continuity/Disaster Recovery plan and Risk Register, guiding Loop’s technical platform and business operations.
- Set and drive goals across Loop’s functions to reduce risk and increase stability.
- Collaborate with engineering and business teams to regularly review, update, and improve the BC/DR plan and Risk Register.
- Ensure compliance with the plan and Risk Register during SOC2 reviews and other assessments.
- 6+ years of experience in security, privacy, compliance, or a related field, building a culture of quality while supporting goals in a fast-growing business.
- Expert knowledge of data privacy laws and regulations, such as GDPR and CCPA, and of steering architecture and processes towards compliance.
- Experience in risk management and business continuity planning.
- You’re a strong communicator no matter the medium - in-person and virtual, connecting initiatives across technical, go-to-market, and the operational needs of Loop.
- You feel a strong sense of ownership and build close relationships with your stakeholders.
- You have examples to share of how you’re already living Loop’s core values: Be a Human First, Clear is Kind, Go Get Results, Land the Plane, and Make Merchants Successful.
In a perfect world, Loop wouldn't exist. If we had our way, we'd live in a world where we're mindful about how we consume, we love every product we own, and we share values with the brands who create them. In reality, commerce isn't perfect and often breaks. Loop creates second chances.
We're starting by revolutionizing the post-purchase experience. We've taken one of the most fragile commerce interactions - returns - and turned it into something consumers actually love, and that deepens our connection to brands and products.
We take connection seriously on the inside, too. We're building a work experience that allows you to Be A Human First and prioritizes empathy and wellbeing. We view Loop as a special place in your career to shape the future of an industry and become a better person while doing it. You can grow faster here in a shorter amount of time - we'll give you space and trust you to fill it.
Learn more about us here: https://loopreturns.com/careers.