Manager of Privacy Compliance

Upstart · Fintech · Remote · Compliance

Manager of Privacy Compliance at Upstart, a fintech company. This role focuses on building and maturing the company's privacy program, embedding privacy controls into AI/ML systems, product lifecycles, and data pipelines, while ensuring compliance with financial and privacy regulations. Responsibilities include leading privacy risk assessments, supporting model governance, and maintaining privacy documentation.

What you'd actually do

  1. Build, manage, and mature Upstart’s privacy program in alignment with consumer finance and privacy regulatory requirements.
  2. Partner with Product, Engineering, Data Analytics, Legal, Security, and Compliance to embed privacy-by-design into AI models, underwriting workflows, data pipelines, and new product features.
  3. Lead privacy risk and impact assessments (DPRAs/PIAs/DPIAs) for new product launches, machine learning models, new data sources, consumer-facing financial products, and emerging technologies.
  4. Support privacy aspects of model governance, explainability, algorithmic fairness reviews, and data lifecycle management.
  5. Maintain enterprise privacy documentation, including records of processing activities, data flow diagrams, and system-of-record artifacts to support audits and regulatory expectations.

Skills

Required

  • Privacy program management
  • Risk assessment (DPRAs/PIAs/DPIAs)
  • Embedding privacy controls
  • Regulatory compliance (consumer finance, privacy)
  • Collaboration with technical teams (Engineering, Data Science)
  • Data governance
  • Model governance support
  • Explainability
  • Algorithmic fairness

Nice to have

  • Professional privacy certifications (CIPP/US, CIPM, CIPT)
  • Credit decisioning/lending/underwriting/fraud prevention experience
  • Automated decision systems
  • AI/ML lifecycle processes
  • Regulatory examinations/audits
  • Cloud architectures
  • Data platforms
  • Machine learning tooling
  • Generative AI

What the JD emphasized

  • privacy-by-design into AI models
  • machine learning models
  • consumer finance and privacy regulatory requirements
  • highly regulated environments