Compliance Operations Lead

Sembi is seeking a Compliance Operations Lead to own day-to-day compliance execution for Sembi in partnership with an existing team of compliance specialists.  This role serves as the central point of accountability for audits, remediation tracking, customer security and privacy requests, and core program operations (including DPAs, privacy addenda, and subprocessor management).  The Compliance Operations Lead coordinates work across Legal, Security, Engineering and customer-facing teams to ensure compliance activities are prioritized, tracked, and completed.

Responsibilities

• Implement and maintain compliance Policies to support all related privacy regulations and requirements such as GDPR, CCPA, and other compliance frameworks (including AI governance and cyberresiliency).
• Conduct, review, and document privacy assessments (DPIAs, DTIAs, website/ cookie compliance, risk registry), identifying privacy risks, recommending mitigation measures, and supporting stakeholders through remediation, and improving day-to-day operational tasks in support of overall privacy compliance program. 
• Collaborate with business and engineering stakeholders to devise process and product privacy remediation activities across the organization (data retention/ deletion, responsible use of AI).
• Contribute to vendor risk management program to assess vendor privacy risks, and onboard subprocessors (coordinate subprocessor notifications, review vendor data privacy and security documentation). 
• Coordinate with the Legal team to execute DPA’s with customers, vendors, and partners/ resellers.
• Maintain records of data processing, data flows and process narratives for all business operational areas.
• Assist with answering data privacy related inquiries from customers, vendors, and employees (DSARs, opt-out/ unsubscribe, deletion, incident response).
• Ensure internal audits and tasks pertaining to data privacy are performed and tracked in a timely manner.
• Maintain centralized tracking and reporting for compliance commitments, remediation items, and customer-facing obligations, providing regular status updates to stakeholders.
• Own the preparation, maintenance, and reuse of standard customer-facing compliance artifacts (e.g., security questionnaires, privacy summaries, audit reports) to reduce reactive work and response time.
• Oversee and coordinate external and internal compliance audits, ensuring audit plans, timelines, evidence collection, and remediation activities are aligned, tracked, and completed in partnership with the audit owner.

Skills and experience

• 3+ years of hands-on experience in privacy compliance and governance within a SaaS or technology environment.
• Working knowledge of AI-related privacy and governance considerations; IAPP certifications preferred but not required.
• Ability to work effectively with cross-functional partners across engineering, product, sales, marketing, support, legal, and human resources, driving alignment and execution toward data privacy compliance goals.
• Practical understanding of privacy-by-design principles and experience applying them to engineering and marketing workflows.
• Experience developing, implementing, and maintaining privacy controls and procedures, with knowledge of commonly used control and risk frameworks (e.g., ISO, NIST).
• Knowledge of privacy and compliance risks associated with cookies, tracking technologies, and online analytics tools.
• Experience handling data subject rights requests (DSARs), as well as requirements related to encryption and anonymization, access controls, data retention and destruction, cross-border data transfers, privacy compliance assessments, and coordination of data breach or cyber incident response.
• Strong written and verbal communication skills, with the ability to manage multiple workstreams, prioritize effectively, and solve problems in a fast-moving environment.