Note: The job is a remote job and is open to candidates in USA. PrivacyWise is a data and AI governance consulting firm that helps companies handle data responsibly. They are seeking a part-time Privacy Operations Specialist to execute day-to-day privacy program tasks such as vendor reviews and data mapping, while collaborating closely with senior team members on client engagements.
Responsibilities
- Vendor and third-party reviews. Send and triage vendor questionnaires, review DPAs and sub-processor lists, score vendor risk, track follow-ups, manage the back-and-forth
- Data mapping and inventories. Conduct stakeholder interviews, build and maintain data inventories and ROPAs, map data flows, document processing activities
- DSAR support. Help clients respond to access, deletion, and opt-out requests — intake, verification, fulfillment tracking
- Consent and tracker operations. Review and make updates to CMP configurations (OneTrust, TrustArc, etc.), interpret consent audit findings, support remediation work
- Policy and notice maintenance. Update privacy notices, internal policies, vendor-facing documentation as laws and client circumstances change
- Assessment execution support. Collect evidence, schedule and run interviews, take meticulous notes, organize findings, draft sections of assessment reports under direction
- Project management. Keep client work moving — track action items, follow up on outstanding requests, make sure nothing falls through the cracks
Skills
- 3+ years of hands-on privacy operations experience (in-house, consulting, or law firm support — all count)
- CIPP/US and/or CIPT (or actively working toward it)
- Working knowledge of CCPA/CPRA, GDPR, and the U.S. state privacy law patchwork (Colorado, Texas, Virginia, etc.); awareness of MHMDA, COPPA, and HIPAA basics
- Experience executing at least three of these: vendor due diligence, data mapping, DSAR handling, CMP configuration (OneTrust/TrustArc/Sourcepoint), privacy notice updates, DPIA drafting
- Strong project management discipline — you can keep a dozen things moving without dropping any of them
- Clear, concise verbal and written communication. You can explain a privacy concept to a marketing manager without making them feel stupid, and to a GC without sounding like a textbook
- CIPM, CIPP/E, or PLS in addition to CIPP/US
- Direct experience with ad tech privacy (cookie audits, pixel reviews, HAR file analysis, GTM/server-side tagging, IAB TCF, GPC)
- Experience supporting privacy assessments (maturity assessments, audits, gap analyses)
- Familiarity with consulting workflows — multiple clients, billable hours, deliverables-on-deadline
- Background in retail, health/wellness, or ad tech industries
Benefits
- Remote, async-friendly, but reachable during U.S. business hours for client work
Company Overview