Senior GRC Analyst

The Role

The Senior GRC Privacy Analyst sits within the Security Governance, Risk, and Compliance (GRC) team and plays a key role in advancing Iterable’s privacy program and supporting the organization’s security and compliance risk management efforts. 

This hands-on, senior individual contributor is responsible for privacy operations and participates in rotational responsibilities, including third-party risk reviews, audit support, and customer trust and privacy inquiries. The role partners closely with Legal, the DPO, Security, Product, and business teams to ensure privacy and security risks are identified, assessed, and managed consistently, in alignment with privacy and regulatory requirements.

 

Key Responsibilities:

• Lead privacy operations within the Security GRC function by developing, implementing, and maintaining privacy program processes and documentation, including:
• Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)
• Records of Processing Activities (ROPA) and data inventories
• Data Subject Access Requests (DSARs), in coordination with Legal, HR, and Marketing
• Privacy and compliance risk assessments aligned with GDPR, CCPA/CPRA, HIPAA, and other applicable global privacy laws
• Support privacy-by-design practices by embedding privacy considerations into GRC workflows, risk assessments, and third-party reviews
• Support the privacy risk register by providing input and context on privacy and security risks, and ensure key stakeholders, including Legal, the DPO, and business teams, are kept informed of risk status and updates
• Assist with third-country data transfer risk assessments (Transfer Impact Assessments), Legitimate Interest Assessments (LIAs), and related privacy evaluations in consultation with Legal and the DPO
• Participate in GRC rotational responsibilities, including third-party security and privacy vendor reviews and support for internal and external audits (e.g., SOC 2, ISO 27001), including evidence collection and remediation tracking
• Provide rotational support for customer trust and privacy inquiries, partnering with Sales and Customer Success on customer-requested DPIAs, privacy questionnaires, and data protection assessments
• Collaborate cross-functionally with Legal, the DPO, Product, Engineering, Security, and business teams to operationalize privacy and security requirements in a scalable, risk-based manner by providing innovative solutions and automation initiatives

The Ideal Candidate Will Be/Have:

• Strong experience with GDPR and global privacy operations in a SaaS or technology environment
• Hands-on experience with PIAs/DPIAs, ROPA, DSARs, and privacy risk assessments
• Experience with third-party risk management and security reviews
• Experience supporting customer trust and privacy inquiries
• Ability to analyze complex privacy and security issues and provide clear, actionable recommendations
• Familiarity with SOC 2, ISO 27001, and ISO 27701 audit processes
• Strong cross-functional communication and stakeholder management skills, including the ability to explain privacy and security risks to technical and non-technical audiences
• Highly organized with strong attention to detail and the ability to manage multiple priorities under tight deadlines
  
  

Nice to have/Bonus Points::

• Privacy certifications (CIPP/E, CIPP/US, CIPM, or similar)
• Experience with US state privacy laws (HIPAA, CCPA and others)
• Experience working at a SaaS company 

What we offer 

• Competitive salaries & meaningful equity
• Private Medical Insurance
• Life/Risk Assurance
• Meal Allowance: 8.55€ per day
• Community Days (days for us to give back to the community) 
• Paid Annual Leave (22 days)
• Global Lifestyle Reimbursement Account
• Paid Sabbatical
• Complete laptop workstation