Data Security & Privacy Compliance Manager

CoinFlip is a leading fintech company powered by cryptocurrency. Believing everyone deserves to participate in the new digital economy, the company operates one of the world’s largest networks of cryptocurrency ATMs — with over 4,000 active kiosks — as well as an over-the-counter trading desk. In 2022, CoinFlip became an international company by expanding into Canada, and launched CoinFlip Ventures, a new initiative designed to support start-up companies. 
CoinFlip placed No. 60 on the 2021 Inc. 5000 list of the nation’s fastest-growing private companies. CoinFlip was also named the 2021 and 2022 #1 fastest-growing company in Chicago by Crain’s Business. 
As our growth trajectory continues, we’re looking to quickly expand all of our teams. It’s an exciting time to join CoinFlip as we’re pursuing additional business lines and continued international expansion to further cement us as a leading financial technology company. 

We’re seeking a Data Privacy Compliance Manager responsible for building out CoinFlip’s global data privacy program that will ensure the protection of sensitive information, including internal and customer data. This role reports to CoinFlip’s Chief Information Security Officer, but also works closely with our compliance and legal departments. The Data Privacy Compliance Manager develops and oversees the privacy compliance program, supporting privacy compliance, governance/policy, and incident response needs of legal, compliance and security teams. Key responsibilities include supporting CoinFlip’s businesses by leading efforts to create, maintain, and improve upon processes and procedures to comply with all relevant privacy and data protection laws, and to gather, preserve, and distribute proof of compliance where applicable.

Responsibilities:

• Responsible for the implementation of the company's domestic and international business and consumer privacy protection program
• Responsible for ensuring technical solutions are implemented to identify potential data breaches and 
• Interpret and apply data privacy regulations, policies, standards, or procedures to specific issues
• Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII)
• Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program
• Develop privacy training materials and other communications to increase employee understanding and awareness of company privacy policies, data handling practices and procedures and legal obligations
• Work with the general counsel and business teams to ensure both existing and new services comply with privacy and data security obligations
• Work with legal counsel, management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements
• Maintain current knowledge of applicable federal, state, and international privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance
• Work with business teams and senior management to ensure awareness of “best practices” on privacy and data security issues
• Serve in a leadership role for Privacy and Security Committee activities
• Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation
• Interface with Senior Management to develop strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with privacy regulations
• Identify and manage privacy incidents and breaches in conjunction with the Chief Information Security Officer, legal counsel and the business units

Qualifications:

• 5+ years’ experience in a privacy / data loss prevention and protection related field
• The ability to create a data privacy program and eventually lead a team of privacy professionals
• Bachelor degree or above in information security, computer, or related majors
• The ability and experience with working across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives 
• The ability to develop, update, and/or maintain standard operating procedures (SOPs)
• The ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action
• Expertise in domestic and international laws and regulations, such as cybersecurity law, GDPR, HIPPA, etc.
• The ability to partner with lawyers and outside law firms to stay abreast of changing privacy related laws and regulations
• Experience with cloud environments (e.g., AWS, Azure, O365) and technical implementation of data security and privacy requirements 
• Self-driven with good teamwork, communication skills
• Privacy certification preferred (e.g., CDPSE, CIPP-E, CIPP-US, CIPM, CISSP)

Nice to Have:

• Experience working for a rapidly growing startup, and managing change 
• Experience in financial services, fintech and/or crypto

Working at CoinFlip means collaborating with experienced and innovative leaders who share a clear vision and a track record of success. We offer a collaborative and positive working environment where we encourage employees to balance productivity with time to recharge. Compensation is above and beyond a typical “startup” — we offer competitive salaries, performance-based incentives, and competitive benefits for full-time employees.
CoinFlip values diversity in the workplace and is an equal opportunity employer committed to providing an inclusive and accessible work environment. We thank all candidates who apply, but only those selected for an interview will be contacted. 
By applying to this role, you give express consent to CoinFlip to send you informational text (SMS) messages regarding this role and the application process. You can cancel the SMS service at any time by replying "STOP" to the text message you received. If at any time you forget what keywords are supported, just reply "HELP." Message and data rates apply. If you require a special accommodation, please let us know and we’ll work with you to meet your needs.