Senior Compliance & Privacy Program Manager

Commerce•Austin, TX

1d•$104,000 - $156,000

About The Position

At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. Simply said, we help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers, working together to shape the future of commerce, this is the place for you. We are seeking a Senior Privacy Program Manager / Lead to design, build, and operationalize a comprehensive privacy program that supports the company’s activities as both a data controller and a data processor, including the use of AI and data-driven technologies across commercial operations and product development. This role blends privacy program ownership, hands-on analytical execution, and product evaluation, requiring someone who can translate regulatory, contractual, and customer expectations into practical, scalable privacy controls. The role partners closely with Legal, Security, Sales, Marketing, Product, and Engineering, and contributes directly to the company’s customer trust posture.

Requirements

Experience & Regulatory Expertise: 5+ years in privacy, data protection, or compliance, with a strong operational grasp of global frameworks (GDPR, CPRA, PIPEDA, etc.).
Hands-On Execution: Proven track record of conducting PIAs/DPIAs, executing data mapping, and navigating privacy obligations as both a Data Controller and Data Processor.
AI & Tech Evaluation: Experience assessing privacy and data protection risks specific to AI, machine learning, and complex data-driven systems (including automated decisioning/profiling).
Cross-Functional Translation: Excellent communication skills with the ability to translate complex privacy laws into practical, actionable guidance for both technical (Engineering/Product) and non-technical (Sales/Marketing) teams.
Certifications: Active privacy certifications (e.g., CIPM, CIPP/E, CIPP/US).

Nice To Haves

Tech & Security Fluency: Working knowledge of IT security concepts, cloud data flows, the Software Development Life Cycle (SDLC), or basic data analysis/coding skills.
Program & Risk Management: Experience utilizing formal risk frameworks, driving process improvements, and managing workflows in tools like Jira, Asana, or Smartsheet.
Legal Acumen: Demonstrated ability to review, draft, and amend privacy-related contracts or vendor agreements.

Responsibilities

Build, own, and scale the company’s global privacy program, ensuring compliance with global regulations (GDPR, CCPA, PIPEDA, etc.).
Define and implement governance frameworks that clearly operationalize our obligations as both a Data Controller and Data Processor.
Develop privacy metrics, dashboards, and policies to measure program effectiveness and demonstrate accountability.
Own and maintain core privacy operations, including Data Subject Access Requests (DSARs), Records of Processing Activities (RoPAs), data retention, and vendor risk management.
Conduct comprehensive risk evaluations (PIAs, DPIAs, TIAs, LIAs) and data flow analyses across all internal systems and products.
Serve as the privacy lead for incident response, internal audits, and customer due diligence inquiries.
Partner closely with Product and Engineering to embed Privacy-by-Design and default principles directly into the software development lifecycle (SDLC).
Evaluate new product builds and system designs for privacy risks, with a heavy focus on AI-enabled features, machine learning models, and automated decision-making tools.
Assess AI-specific risks, including training data usage, data minimization, and downstream data exposure.
Act as a trusted advisor to Sales, Marketing, Legal, and Security, translating complex regulatory requirements into practical, scalable business processes.
Evaluate commercial activities (like AI-driven marketing and analytics) to ensure they align with our external commitments and public-facing privacy statements.
Proactively identify and fix process gaps to reduce manual effort, minimize customer friction, and strengthen the company's overall trust posture.