Manager of Privacy Compliance
Upstart is seeking a Manager of Privacy Compliance to lead and enhance its privacy program, ensuring alignment with consumer finance and privacy regulations. This role involves integrating privacy controls into AI/ML systems, financial products, and data pipelines, while fostering innovation and maintaining compliance with complex financial and privacy laws.
The Manager of Privacy Compliance will collaborate with cross-functional teams, including Product, Engineering, Data Science, Data Analytics, Legal, Security, and Compliance, to embed privacy-by-design principles into AI models, underwriting workflows, data pipelines, and new product features. Key responsibilities include conducting privacy risk and impact assessments for new product launches, machine learning models, new data sources, consumer-facing financial products, and emerging technologies. The role also involves supporting privacy aspects of model governance, explainability, algorithmic fairness reviews, and data lifecycle management. Additionally, the Manager will maintain enterprise privacy documentation, such as records of processing activities, data flow diagrams, and system-of-record artifacts to support audits and regulatory expectations. Collaboration with Security and Compliance teams on data safeguards, access controls, vendor assessments, and privacy incident response activities is also essential.
Candidates should possess a Bachelor's degree in law, business, information systems, computer science, or a related field, or have equivalent experience. A minimum of 5 years in privacy, compliance, risk, or data governance within fintech, financial services, AI/ML, or other highly regulated environments is required. Strong working knowledge of GLBA, FCRA, ECOA, CCPA/CPRA, NIST Privacy Framework, ISO 27701, and model governance and automated decision systems is essential. Experience in conducting DPRAs/PIAs/DPIAs, managing privacy controls, and collaborating with technical teams is necessary. The ability to translate regulatory requirements into actionable requirements for engineering and data science teams is crucial.
Preferred qualifications include professional privacy certifications such as CIPP/US, CIPM, or CIPT, experience supporting credit decisioning, lending, underwriting, fraud prevention, or financial operations, familiarity with model governance, automated decision systems, and AI/ML lifecycle processes, experience supporting regulatory examinations, internal audits, or external audits, and knowledge of modern cloud architectures, data platforms, machine learning tooling, and generative AI.
Upstart offers competitive compensation, including base salary, bonuses, and equity. Benefits include comprehensive medical, dental, and vision coverage, a generous 401(k) plan with matching contributions, an Employee Stock Purchase Plan (ESPP), life and disability insurance, paid time off, and family leave. Additional perks include annual wellness, technology, and ergonomic reimbursement programs, social activities such as team events and onsites, and catered lunches and snacks in offices.
Upstart is a digital-first company with offices in San Mateo, California; Columbus, Ohio; Austin, Texas; and New York City, NY (opening Summer 2026). The company supports flexible work arrangements and opportunities for in-person collaboration through team onsites and planning sessions. Upstart is committed to fostering a diverse and inclusive work environment and encourages individuals from all backgrounds to apply.