Senior GRC Analyst, Privacy
Responsibilities
- Privacy Program & Governance
- Own and maintain Benevity's Records of Processing Activities (ROPA) under both controller and processor regimes, ensuring compliance with GDPR Article 30 and equivalent requirements across applicable jurisdictions.
- Develop and maintain privacy policies, notices, standards, and control frameworks aligned with GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, CASL, and emerging global laws (AU Privacy Act, India DPDP, Swiss FADP, and others).
- Support privacy policy approval, exception management, and attestation processes, actively seeking opportunities for process improvement and automation.
- Data Subject Rights & DSAR
- Build and manage DSAR intake, triage, and response workflows in compliance with statutory deadlines (30 days under GDPR; 45 days under CPRA), including coordination with business and legal stakeholders.
- Maintain and refresh the subprocessor listing in alignment with client Data Processing Agreement commitments and GDPR Article 28 obligations.
- Data Protection Impact & Risk
- Design, operationalize, and continuously improve the Data Protection Impact Assessment (DPIA) process; embed DPIA requirements into product, data, and business initiative workflows.
- Support the DPO operational function, including regulatory correspondence readiness, breach notification preparedness, and supervisory authority interface support in coordination with Legal.
- Partner with Security, Engineering, Product, Legal, and Data Governance teams to embed privacy by design and by default into key business initiatives.
- Regulatory Compliance & Monitoring
- Review and support the negotiation of Data Processing Agreements and data transfer mechanisms (SCCs, UK IDTAs) in collaboration with Legal.
- Monitor the global privacy regulatory landscape and assess the impact of new and evolving requirements on Benevity's operations and client commitments.
- Support multi-entity privacy obligations across Benevity's partner ecosystem, including jurisdiction-specific compliance requirements and data processing documentation.
- Tooling & Operational Delivery
- Maintain and enhance privacy workflows in GRC platforms (e.g., OneTrust Privacy module) to automate and streamline compliance operations at scale.
- Deliver executive-ready privacy reports, risk insights, and dashboards to inform leadership decision-making.
- Leverage AI tools and automation as a force multiplier, accelerating DSAR triage, regulatory horizon scanning, policy drafting, and evidence workflows to scale program output without scaling headcount.
- Advisory & Awareness
- Design and deliver privacy awareness and training programs to build a culture of data protection across Benevity.
- Serve as a cross-functional privacy advisor, partnering with teams across the organization to embed privacy requirements into products, services, and operational decisions.
Requirements
- 5+ years of experience in privacy, data protection, GRC, or a closely related field, ideally within a SaaS or high-growth technology environment.
- Deep, practical knowledge of global privacy frameworks, including GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, and CASL, with working familiarity of emerging regim
Additional Information
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We're also one of the first B Corporations in Canada, meaning we're as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
Benevity is seeking a Sr. GRC Analyst, Privacy to anchor and advance our data protection program across a complex, multi-jurisdictional regulatory landscape. In this role, you will own the design, operationalization, and continuous maturity of Benevity's privacy compliance program, spanning GDPR, UK-GDPR, CPRA, PIPEDA, CASL, and emerging global frameworks. You will build the foundational infrastructure that keeps Benevity accountable to its regulatory obligations: Records of Processing Activities, Data Subject Access Request workflows, Data Protection Impact Assessments, and subprocessor governance, ensuring the program is not only defensible to regulators but scalable as Benevity grows.
As a trusted privacy advisor embedded across cross-functional teams, you will work closely with Legal, Security, Engineering, Product, and Data Governance to embed Privacy by Design into the business. You will support the DPO operational function, partner on Data Processing Agreement reviews, and translate complex privacy requirements into practical, business-aligned controls. Your work will directly protect Benevity's clients, employees, and the communities they serve, and ensure that trust remains a core competitive advantage.