Data Privacy Manager

Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law.

If you need assistance or accommodation due to a disability, you may contact us at

Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms. To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation.

And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm.

The Data Privacy Manager will lead the enterprise privacy program across our lending platform and subsidiary entities. This is a senior leadership role reporting to the Chief Information Security Officer, with direct escalation authority to the General Counsel, the Chief Compliance Officer, the CEO, and the Board on any matter where independent privacy judgment is required. The DPO's authority is designed to be independent in substance even where it sits administratively within the CISO organization.

You will have the documented right to raise, elevate, and publicly dissent on any privacy matter without requiring CISO concurrence, and your performance will be assessed in part on the credibility and independence of your privacy judgments.

You will own Lendistry's privacy strategy, policy, and operations end to end — from regulatory obligations under CCPA/CPRA, GLBA, SBA program requirements, state lending and consumer finance law, and evolving state privacy statutes, through day-to-day privacy operations, data subject rights handling, vendor privacy diligence, privacy-by-design embedded in product development, and privacy oversight of Lendistry's AI‑driven lending systems.

You will partner closely with the CISO and Security Engineering, Legal, Compliance, Product, Engineering, the AI team, and every business unit that handles borrower or employee personal information. You are the voice of privacy inside Lendistry — and, when required, the voice of Lendistry on privacy matters to regulators, banking partners, auditors, and the public.

We’re proud to be the nation’s largest minority‑led, tech‑savvy lender for small businesses and commercial real estate. As a certified Community Development Financial Institution (CDFI) and Community Development Entity (CDE), our mission is all about creating economic opportunities and fueling growth for small business owners and their communities. Join us as we pave the way with innovative financing and financial education!

You will own and evolve the privacy program end to end, including:

• The Lendistry privacy policy and notice framework — consumer, borrower, employee, and partner‑facing, kept current across every jurisdiction we operate in.
• The data inventory and records of processing activity — a single, credible view of what personal data we hold, for what purpose, and under what controls.
• The data subject rights operation — intake, verification, fulfillment, reporting — meeting every statutory timeline with defensible documentation.
• The PIA / DPIA process — especially for AI‑driven decisioning and new product launches.
• The vendor privacy diligence program — defensible, documented, and aligned with the GRC vendor risk function.
• The privacy incident response playbook — integrated with the CISO's security incident process and Legal's regulatory response process.
• The training and culture program — so privacy shows up in the daily decisions of…