Senior GRC Analyst, Privacy
Company Overview
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits.
We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
Benevity is seeking a Sr. GRC Analyst, Privacy to anchor and advance our data protection program across a complex, multi‑jurisdictional regulatory landscape. In this role, you will own the design, operationalization, and continuous maturity of Benevity’s privacy compliance program, spanning GDPR, UK‑GDPR, CPRA, PIPEDA, CASL and emerging global frameworks. You will build the foundational infrastructure that keeps Benevity accountable to its regulatory obligations:
Records of Processing Activities, Data Subject Access Request workflows, Data Protection Impact Assessments and subprocessor governance, ensuring the program is defensible to regulators and scalable as Benevity grows. You will act as a trusted privacy advisor embedded across cross‑functional teams, working closely with Legal, Security, Engineering, Product and Data Governance to embed Privacy by Design into the business.
- Own and maintain Benevity’s Records of Processing Activities under both controller and processor regimes, ensuring compliance with GDPR Article 30 and equivalent requirements across applicable jurisdictions.
- Develop and maintain privacy policies, notices, standards and control frameworks aligned with GDPR, UK‑GDPR, CPRA/CCPA, PIPEDA, CASL and emerging global laws.
- Support privacy policy approval, exception management and attestation processes, constantly seeking opportunities for process improvement and automation.
- Build and manage DSAR intake, triage and response workflows in compliance with statutory deadlines (30 days under GDPR; 45 days under CPRA) and coordinate with business and legal stakeholders.
- Maintain and refresh the subprocessor listing in alignment with client Data Processing Agreement commitments and GDPR Article 28 obligations.
- Design, operationalize and continuously improve the DPIA process; embed DPIA requirements into product, data and business initiative workflows.
- Support the DPO operational function, including regulatory correspondence readiness, breach notification preparedness and supervisory authority interface support in coordination with Legal.
- Partner with Security, Engineering, Product, Legal and Data Governance teams to embed privacy by design and by default into key business initiatives.
- Review and support the negotiation of Data Processing Agreements and data transfer mechanisms (SCCs, UK IDTAs) in collaboration with Legal.
- Monitor the global privacy regulatory landscape and assess the impact of new and evolving requirements on Benevity’s operations and client commitments.
- Support multi‑entity privacy obligations across Benevity’s partner ecosystem, including jurisdiction‑specific compliance requirements and data processing documentation.
- Maintain and enhance privacy workflows in GRC platforms (e.g., One Trust Privacy module) to automate and streamline compliance operations at scale.
- Deliver executive‑ready privacy reports, risk insights and dashboards to inform leadership decision‑making.
- Leverage AI tools and automation as a force multiplier, accelerating DSAR triage, regulatory horizon scanning, policy drafting and evidence workflows to scale program output without scaling headcount.
- Design and deliver privacy awareness and training programs to build a culture of data protection across Benevity.
- Serve as a cross‑functional privacy advisor, partnering with teams across the organization to embed privacy requirements into…
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: