Privacy Officer

Job Description:

Summary

The Privacy Officer is responsible for overseeing all activities related to the development, implementation, and maintenance of the organization's privacy program in accordance with applicable data protection laws and internal policies. This role ensures the company's compliance with privacy regulations (such as GDPR, CCPA, HIPAA, or others) and fosters a culture of accountability and transparency regarding personal data use. The Privacy Officer serves as the subject matter expert on data protection issues and is a key liaison between legal, compliance, IT, information security, HR, marketing, and other departments to ensure privacy is integrated into all operations.

Duties and Responsibilities

• Develop, implement, and maintain the company's privacy governance framework, including policies, procedures, and controls.

• Conduct regular reviews and updates of the privacy program to reflect changes in laws, regulations, and best practices.

• Monitor and interpret relevant global, national, and local privacy laws (e.g., GDPR, CCPA, HIPAA, etc.) and advise the business accordingly.

• Oversee the data breach response process, including investigation, documentation, mitigation, notification, and remediation.

• Collaborate with Legal, IT, and Information Security to manage and report data breaches in compliance with applicable laws.

• Ensure company practices align with regulatory requirements and industry standards for data protection.

• Develop and deliver training programs for employees on privacy practices, policies, and legal obligations.

• Promote privacy awareness across the organization to embed a privacy-by-design culture.

• Lead Privacy Impact Assessments (PIAs) for new or updated products, systems, or processes.

• Conduct Data Protection Impact Assessments (DPIAs) and present a summary of identified risks along with proposed mitigating measures to the Data Protection Officer (DPO).

• Escalate relevant issues to the Risk and Compliance Manager and the General Counsel, in accordance with escalation protocols.

• Advise staff on privacy-related matters and provide training to increase internal knowledge in this area.

• Act as the primary point of contact for regulatory authorities (e.g., Data Protection Authorities) and manage regulatory filings and reporting as required.

• Monitor Privacy mailbox.

• Review clients' contracts from a data privacy perspective.

• Ensure data processing agreements/addendums (DPAs) and standard contractual clauses (SCCs) are in place where appropriate.

• Acts as the primary point of contact with our appointed Data Protection Officer (DPO).

• Oversee and manage requests from data subjects (e.g., access, deletion, correction, restriction, and portability).

• Ensure timely and compliant responses to data subject access requests (DSARs) and inquiries.

• Assist in performing GDPR/Data Privacy risk assessments and monitoring with other compliance and control functions, results are shared with Leadership on quarterly steering call as well as line of business leadership.

• Serve as a primary point of contact for internal and external audit functions, ensuring timely follow-up on audit findings and exception remediation.

• Provide guidance to executives, staff, and employees on data privacy aspects.

• Participate in a multifaceted educational awareness and training program that focuses on the elements of the compliance program, policies, and procedures

• Ensure compliance with information security and privacy policies, procedures and workflows that refer to privacy or security breach incidents.

• Work closely with departments such as Legal, IT, Information Security, HR, Sales and other departments to embed privacy requirements into day-to-day operations and strategic initiatives.

• Advise product and technology teams on privacy-by-design and data minimization strategies.

• Evaluate third-party vendors for privacy compliance, contract negotiation, and ongoing oversight.

• Participate in the remediation exercises as required.

• Participate in strategic projects at the organizational level as required.

Required Qualifications

• Bachelor's degree in law, Business, IT, or a related field.

• Advanced degree (Master of Laws (LLM), Master of Science (MSc) in Data Privacy, Data Protection, etc.) is a plus.

• Minimum of 3-5 years' experience in privacy or data protection roles (total professional experience: 5–10 years; relevant privacy/data protection experience: minimum of 3–5 years within the total experience, specifically in roles focused on privacy or data protection)

• Proven experience in implementing and managing data privacy programs.

• Familiarity with regulatory regimes such as General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), Health Insurance Portability and Accountability Act (HIPAA), and others relevant to the business.

• Strong knowledge of global privacy laws and frameworks.

Preferred Qualifications

• One or more of the following preferred: Certified Information Privacy Professional (CIPP/E, CIPP/US, CIPP/A, etc.), Certified Information Privacy Manager (CIPM), Certified Information Systems Security Professional (CISSP)

• Excellent communication and interpersonal skills; ability to explain complex legal and technical terms in simple language.

• Analytical and problem-solving skills with a proactive mindset.
• Project management and organizational skills.

• High ethical standards and attention to detail.

• Ability to work independently and collaboratively in a fast-paced environment.

Normal Working Hours and Conditions

Core business hours are generally 8:00 am – 5:00 pm. However, this position may require work to be performed outside of normal business hours based on Company operations.

Physical Requirements

Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a computer keyboard; to travel to other office locations and to verbally communicate to exchange information.

About AML RightSource

AML RightSource is the leading firm solely focused on AML/BSA and financial crimes compliance solutions. We provide highly trained AML/BSA professionals to assist banks and non-bank financial institutions meet day-to-day compliance tasks. Services include transaction monitoring, alert backlog management, enhanced due diligence reviews, and financial crimes advisory matters. Our highly trained workforce approximately 4,000 analysts and subject matter experts includes the industry's largest team of full-time professionals. We typically provide our services directly from our secure facilities in Ohio, New York, Arizona (US); Ontario, CA; Sofia, BG; Krakow, PL; New Delhi, IN.

AML RightSource is committed to fostering a diverse work environment and is proud to be an equal opportunity employer. We provide equal employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.  

All the information concerning breaches of law during the recruitment process should be reported at Upon request, you will be provided with Internal procedure for reporting and following up on breaches of law, adopted by the Company based on the Whistleblower Protection Act.

Recruitment Scam Alerts

We're aware of an increase in recruitment scams where individuals falsely claim to represent AML RightSource. These scammers may ask for money or personal information by offering fake job opportunities through e-mail, text message or social media. Please verify the source of any job-related communications carefully. All official AML RightSource communications are conducted through "" email addresses. If you encounter suspicious messages, do not respond.