Iterable is the leading AI-powered customer engagement platform that helps leading brands like Redfin, Seat Geek, Priceline, Calm, and Box create dynamic, individualized experiences at scale. Our platform empowers organizations to activate customer data, design seamless cross-channel interactions, and optimize engagement—all with enterprise-grade security and compliance. Today, nearly 1,200 brands across 50+ countries rely on Iterable to drive growth, deepen customer relationships, and deliver joyful customer experiences.

Our success is powered by extraordinary people who bring our core values—Trust, Growth Mindset, Balance, and Humility—to life. We foster a culture of innovation, collaboration, and inclusion, where ideas are valued and individuals are empowered to do their best work. That’s why we’ve been recognized as one of Inc’s Best Workplaces and Fastest Growing Companies, and were recognized on Forbes’ list of America’s Best Startup Employers in 2022. Notably, Iterable has also been listed on Wealthfront’s Career Launching Companies List and has held a top 10 ranking on the Top 25 Companies Where Women Want to Work.

With a global presence—including offices in San Francisco, New York, Denver, London, and Lisbon, plus remote employees worldwide—we are committed to building a diverse and inclusive workplace. We welcome candidates from all backgrounds and encourage you to apply. Learn more about our story and mission on our Culture and About Us pages. Let’s shape the future of customer engagement together!

The Role

The Senior GRC Privacy Analyst sits within the Security Governance, Risk, and Compliance (GRC) team and plays a key role in advancing Iterable’s privacy program and supporting the organization’s security and compliance risk management efforts.

This hands-on, senior individual contributor is responsible for privacy operations and participates in rotational responsibilities, including third-party risk reviews, audit support, and customer trust and privacy inquiries. The role partners closely with Legal, the DPO, Security, Product, and business teams to ensure privacy and security risks are identified, assessed, and managed consistently, in alignment with privacy and regulatory requirements.

Key Responsibilities:

• Lead privacy operations within the Security GRC function by developing, implementing, and maintaining privacy program processes and documentation, including:

• Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)

• Records of Processing Activities (ROPA) and data inventories

• Data Subject Access Requests (DSARs), in coordination with Legal, HR, and Marketing

• Privacy and compliance risk assessments aligned with GDPR, CCPA/CPRA, HIPAA, and other applicable global privacy laws

• Support privacy-by-design practices by embedding privacy considerations into GRC workflows, risk assessments, and third-party reviews

• Support the privacy risk register by providing input and context on privacy and security risks, and ensure key stakeholders, including Legal, the DPO, and business teams, are kept informed of risk status and updates

• Assist with third-country data transfer risk assessments (Transfer Impact Assessments), Legitimate Interest Assessments (LIAs), and related privacy evaluations in consultation with Legal and the DPO

• Participate in GRC rotational responsibilities, including third-party security and privacy vendor reviews and support for internal and external audits (e.g., SOC 2, ISO 27001), including evidence collection and remediation tracking

• Provide rotational support for customer trust and privacy inquiries, partnering with Sales and Customer Success on customer-requested DPIAs, privacy questionnaires, and data protection assessments

• Collaborate cross-functionally with Legal, the DPO, Product, Engineering, Security, and business teams to operationalize privacy and security requirements in a scalable, risk-based manner by providing innovative solutions and automation initiatives

The Ideal Candidate Will Be/Have:

• Strong experience with GDPR and global privacy operations in a SaaS or technology environment

• Hands-on experience with PIAs/DPIAs, ROPA, DSARs, and privacy risk assessments

• Experience with third-party risk management and security reviews

• Experience supporting customer trust and privacy inquiries

• Ability to analyze complex privacy and security issues and provide clear, actionable recommendations

• Familiarity with SOC 2, ISO 27001, and ISO 27701 audit processes

• Strong cross-functional communication and stakeholder management skills, including the ability to explain privacy and security risks to technical and non-technical audiences

• Highly organized with strong attention to detail and the ability to manage multiple priorities under tight deadlines

Nice to have/Bonus Points: :

• Privacy certifications (CIPP/E, CIPP/US, CIPM, or similar)

• Experience with US state privacy laws (HIPAA, CCPA and others)

• Experience working at a SaaS company

What we offer

• Competitive salaries & meaningful equity

• Private Medical Insurance

• Life/Risk Assurance

• Meal Allowance: 8.55€ per day

• Community Days (days for us to give back to the community)

• Paid Annual Leave (22 days)

• Global Lifestyle Reimbursement Account

• Paid Sabbatical

• Complete laptop workstation

Recruitment Disclaimer:

Please be aware that Iterable, Inc. (“Iterable”) and our official professional recruiting agencies and platforms do not:

• Send job offers from free email services like Gmail, Yahoo mail, Hotmail, etc.

• Request money, fees, or payment of any kind from prospective candidates to apply to Iterable, for employment, or for the recruitment process (e.g. for home office supplies, or training, etc.).

• Request or require personal documents like bank account details, tax forms, or credit card information as part of the recruitment process prior to the candidate signing an engagement letter or an employment contract with Iterable.

You may see all job vacancies on our official Iterable channels:

• Official Iterable website, Careers page: https://iterable.com/careers/

• Official LinkedIn Jobs page: https://www.linkedin.com/company/iterable/jobs/

Iterable is not affiliated in any way to these impostors and we hereby confirm that such individuals/entities are not authorized, encouraged, or sponsored to act on behalf of Iterable. Such job opportunities are entirely fake and not valid. Therefore, please disregard any written or oral request for a job offer or an interview that you believe is or might be fraudulent or suspicious and immediately reach out to us via email at talent-ops@iterable.com upon receiving a suspicious job offer.

Criminal and/or civil liabilities may arise from such actions, and Iterable expressly reserves the right to take legal action, including criminal action, against such individuals/entities whenever such phenomena occur. In any case, please note that under no circumstances shall Iterable and any of its affiliates be held liable or responsible for any claims, losses, damages, expenses or other inconvenience resulting from or in any way connected to the actions of these impostors.

Iterable is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Iterable does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Iterable also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Iterable will also consider for employment qualified applicants with arrest and conviction records.