Data Privacy & Security Engineer

Position Summary: The Data Privacy and Security Engineer will lead and support enterprise-wide privacy initiatives, ensuring alignment with global data protection regulations such as GDPR, HIPAA, and CPRA. This role is responsible for managing cross-functional privacy projects using Agile methodology, operationalizing privacy compliance through technical and procedural controls, and integrating privacy risk management practices across business units.

Primary Accountabilities:

Privacy Program & Project Management (25%)

• Oversee privacy initiatives in collaboration with internal teams and external partners, outside counsel and consultants to enhance privacy operations.

• Develop bi-weekly privacy project status reports, tracking accomplishments, obstacles, risks, and actions against the plan.

• Develop and operationalize project plans using SCRUM Agile Methodology

• Facilitate monthly core privacy team meetings across Enterprise, MarTech, and Healthcare divisions, ensuring alignment on priorities.

• Support the Privacy Officer in data governance, strategic planning, and privacy committee meetings (including Data, BI & AI, and Security & Risk committees).

• Ensure compliance with data privacy and security regulations (e.g., GDPR, HIPAA, ISO 27001, CPRA).

Operationalizing Privacy Compliance (25%)

Assist in rolling out enterprise privacy and data security standards and procedures, including:

• ServiceNow Record of Processing Activity (RoPA) workflows.

• Data Subject Rights (DSR) processes for access and deletion requests.

• Consumer opt-out of data sale procedures.

• Privacy Impact Assessments (PIAs) and vendor assurance processes in ServiceNow.

• Online tracker and cookie banner compliance across 14+ domains.

• Privacy-centric threat modeling using models like LINDDUN

• Work with teams to embed privacy controls into the technology stack, ensuring audit-ready documentation – Privacy by Design

• Drive de-identification standards and data clean-room assurance for privacy-preserving analytics.

• Develop privacy training materials and facilitate train-the-trainer sessions for enterprise privacy practices.

• Develop, enforce, and maintain data security policies, standards, and best practices.

• Design and implement data protection strategies to protect sensitive company and customer information.

• Deploy and manage Data Security Posture Management (DSPM) platform, analyze and action any applicable findings

• Develop automation using programming languages and/or frameworks to assist in auditing and enforcing desired state for data security and protection controls

Privacy Risk & Compliance Integration (25%)

• Support ServiceNow Privacy Controls Framework implementation, including risk-based metrics and regulatory mappings.

• Assist in conducting privacy impact assessments (PIAs) to assess data use cases and privacy risks.

• Work with procurement and business teams to develop new client privacy vetting procedures for evaluating privacy notices and online tracking practices.

• Track and manage ongoing privacy compliance obligations related to evolving U.S. and international privacy laws.

Stakeholder Collaboration & Change Management (25%)

• Partner with IT, Legal, Compliance, Security, and Business teams to ensure privacy is embedded into processes and decision-making.

• Help navigate evolving privacy requirements by fostering a privacy-first culture across the organization.

• Ensure alignment between privacy governance, data strategy, and regulatory expectations.

• Collaborate on privacy and data security product and services reviews

• Proactively ensure alignment between privacy, governance, data strategy, regulatory and other key stakeholders.

Required Qualifications:

• Bachelor’s degree required in Computer Science, Cyber Security, Data Privacy, or a related field.  

• 5-7 years of experience in privacy, compliance, security or data governance roles.

• Strong project management skills with the ability to drive complex initiatives and hold teams accountable.

• Ability to translate privacy requirements into operational procedures for business and technical stakeholders.

• Experience with privacy frameworks, data governance, and regulatory compliance (GDPR, CPRA, HIPAA, etc.).

• Excellent communication and facilitation skills—ability to influence and collaborate across teams.

Preferred Qualifications:

• PMP certification or equivalent project management experience.

• Experience with agile methodologies and iterative project execution.

• Familiarity with OneTrust, ServiceNow, or similar privacy management tools.

• Prior experience managing privacy projects at a global or enterprise scale.

• CIPM/CIPP/PMP/CIPT/CDPSE/OneTrust Privacy Professional Certification/ CISA/ CISSP/ CCSP. 

• Experience with security and privacy frameworks such as NIST, CIS, or ISO 27001/27701, CBPR, HITRUST, HDS etc.

• Risk Management experience.

• Strong analytical and problem-solving skills.

• Programming and/or automation experience. 

Individual Competencies: 

Soft Skills & Mindset for Success

• This role requires a proactive, curious, and hands-on problem solver—someone who is not afraid to experiment and iteratively apply learnings for continuous improvement. The ideal candidate will thrive in an environment that requires both structure and adaptability, and will bring:

• WILLINGNESS TO LEARN & EXPERIMENT – You don’t need to have all the answers, but you must be willing to dig into challenges, learn new systems, and problem-solve through experimentation.

• FLEXIBILITY & ADAPTABILITY – The privacy landscape is constantly evolving, and priorities can shift quickly. You must be able to adjust, pivot, and thrive in fast-changing environments.

• PROBLEM-SOLVING & PUZZLE-SOLVING MINDSET – Many privacy issues require investigative thinking—understanding risks, identifying gaps, and mapping out logic behind compliance workflows, templates, and regulations.

• PROJECT MANAGEMENT DISCIPLINE – Ability to track multiple privacy initiatives, hold teams accountable, and maintain structured execution without losing sight of the bigger picture.

• RESEARCH & ANALYTICAL THINKING – You should be comfortable researching privacy regulations/rules/industry standards, analyzing risks, and translating legal concepts into actionable steps.

• COMFORT WITH SYSTEMS & TECHNOLOGY – This role involves working with OneTrust, ServiceNow, and other privacy technologies—you should enjoy figuring out how systems work and optimizing processes within them.

• SELF-STARTER MENTALITY – You won’t always have a step-by-step guide. This role requires someone who is comfortable with taking initiative, testing solutions, and learning by doing.

Why This Role is Unique

• HIGH VISIBILITY & CROSS-FUNCTIONAL EXPOSURE – Work directly with executives, product teams, security, legal, compliance, and data teams across Inmar.

• STRATEGIC IMPACT – Play a pivotal role in shaping and operationalizing privacy practices in a growing global company.

• CAREER GROWTH OPPORTUNITY – This role provides hands-on experience with privacy engineering, governance frameworks, data security practices, and compliance tech stacks (OneTrust, ServiceNow, etc.), making it an excellent stepping stone toward Privacy Engineer, Privacy Architect, or Privacy Program Lead roles.

• CUTTING-EDGE PRIVACY WORK – Gain experience implementing advanced privacy controls, de-identification standards, and AI governance frameworks in an evolving regulatory landscape.

• Work-Life Flexibility – Primarily remote with some travel for key initiatives, providing the best of collaborative engagement and autonomy.

The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job. Duties responsibilities and activities may change, or new ones may be assigned at any time with or without notice.

While performing the duties of this job, the associate is:  

• Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.

• Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.

• Occasionally required to stand, kneel or stoop, and lift and/or move up to 25 pounds.

• Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.

• Regularly required to remain in a stationary position.

As an Inmar Associate, you:

• Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations. 

• Treat clients and teammates with courtesy, consideration and tact; you also can perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client. 

• Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually beneficial partnerships, leverage information and achieve results. 

• Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability. 

• Understand that results are important and focus on turning mission into action to achieve results following the principles of agile, dynamic execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.

• Support a safe work environment by following safety rules and regulations and reporting all safety hazards.

We are an Equal Opportunity Employer, including disability/vets.

This position is not eligible for student visa sponsorship, including F-1 OPT or CPT. Candidates must have authorization to work in the U.S. without the need for employer sponsorship now or in the future.