Data Privacy Compliance Manager

CoinFlip is a leading fintech company powered by cryptocurrency. The company operates the world's largest network of cryptocurrency ATMs by transaction volume with over 4,500 kiosks across 49 US states, Puerto Rico, Canada, Australia, New Zealand, South Africa, Italy, Panama, and Brazil supporting the buying and selling of major cryptocurrencies with cash. In 2020, CoinFlip launched Order Desk, an over-the-counter service that provides investors with a personal account manager and competitive coin pricing. In 2023, CoinFlip launched a digital app and created an additional way to easily buy, sell, send, swap, and receive crypto. 

CoinFlip was founded in 2015 by Daniel Polotsky, Kris Dayrit, Alan Gurevich, and Ben Weiss. Headquartered in Chicago, CoinFlip placed in the top 500 on the 2021, 2022, and 2023 Inc. 5000 list, and on the 2022 Deloitte Technology Fast 500, was named the 2021 and 2022 #1 fastest-growing company in Chicago by Crain's and was awarded the 2021 and 2022 Stevie ® Awards for Customer Service. For more information about CoinFlip, please visit www.CoinFlip.tech.

We’re seeking a Data Privacy Compliance Manager responsible for managing CoinFlip’s global data privacy program with the goal of identifying and protecting sensitive information, including internal and customer data. This role reports to CoinFlip’s Chief Information Security Officer, but also works closely with our compliance and legal departments. The Data Privacy Compliance Manager develops and oversees the privacy compliance program, supporting privacy compliance, governance/policy, and data response needs of legal, compliance and security teams. Key responsibilities include supporting CoinFlip’s businesses by leading efforts to create, maintain, and improve upon processes and procedures to comply with all relevant privacy and data protection laws, and to gather, preserve, and distribute proof of compliance where applicable.

• Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII)
• Responsible for the implementation of the company's domestic and international business and consumer privacy protection program
• Interpret and apply data privacy regulations, policies, standards, or procedures to specific issues
• Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program
• Manage and ensure the enterprise data inventory is kept up-to-date
• Develop privacy training materials and other communications to increase employee understanding and awareness of company privacy policies, data handling practices and procedures and legal obligations
• Work with the general counsel and business teams to ensure both existing and new services comply with privacy and data security obligations
• Work with legal counsel, management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements
• Maintain current knowledge of applicable federal, state, and international privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance
• Work with business teams and senior management to ensure awareness of “best practices” on privacy and data security issues
• Collaborate with the cybersecurity and IT teams to ensure privacy requirements are translated into technical requirements and solutions are implemented correctly
• Interface with Senior Management to develop strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with privacy regulations
• Identify and manage privacy incidents and breaches in conjunction with the Chief Information Security Officer, legal counsel and the business units.
• Other assigned duties.

• 5 years’ experience in a privacy / data loss prevention and protection related field
• The ability to create a data privacy program and eventually lead a team of privacy professionals
• Bachelor degree or above in information security, computer, or related majors
• The ability and experience with working across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives
• The ability to develop, update, and/or maintain standard operating procedures (SOPs)
• The ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action
• Expertise in domestic and international laws and regulations, such as cybersecurity law, GDPR, HIPPA, etc.
• The ability to partner with lawyers and outside law firms to stay abreast of changing privacy related laws and regulations
• Experience with cloud environments (e.g., AWS, Azure, O365) and technical implementation of data security and privacy requirements
• Self-driven with good teamwork, communication skills
• Privacy certification preferred (e.g., CDPSE, CIPP-E, CIPP-US, CIPM, CISSP)

• Experience working for a rapidly growing startup, and managing change
• Experience in financial services, fintech and/or crypto

Working at CoinFlip means collaborating with experienced and innovative leaders who share a clear vision and a track record of success. We offer a collaborative and positive working environment where we encourage employees to balance productivity with time to recharge. Compensation is above and beyond a typical “startup” — we offer competitive salaries, performance-based incentives, and competitive benefits for full-time employees.

CoinFlip values diversity in the workplace and is an equal opportunity employer committed to providing an inclusive and accessible work environment. We thank all candidates who apply, but only those selected for an interview will be contacted. 

By applying to this role, you give express consent to CoinFlip to send you informational text (SMS) messages regarding this role and the application process. You can cancel the SMS service at any time by replying "STOP" to the text message you received. If at any time you forget what keywords are supported, just reply "HELP." Message and data rates apply. If you require a special accommodation, please let us know and we’ll work with you to meet your needs.