Privacy & Cybersecurity Compliance Officer

What You Will Do:

• Privacy & Data Protection Compliance:
• Lead and manage compliance with global data privacy regulations, including but not limited to GDPR, CCPA, CPRA, and other relevant privacy laws.
• Develop, implement, and monitor data privacy policies, procedures, and controls to ensure compliance with regulatory requirements and internal standards.
• Conduct data protection impact assessments (DPIAs), privacy audits, and assessments of data processing activities to ensure compliance with applicable laws.
• Advise on cross-border data transfer issues and implement solutions, including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and data localization strategies.
• Act as the primary point of contact for privacy regulators, handling inquiries, audits, and complaints from data subjects.
• Cybersecurity Compliance:
• Oversee the ad tech division’s cybersecurity compliance program, ensuring adherence to industry standards and best practices such as NIST, ISO 27001, and SOC 2.
• Collaborate with IT and security teams to design, implement, and enforce cybersecurity policies, including incident response plans, data breach protocols, and risk management strategies.
• Ensure that appropriate technical and organizational measures are in place to protect sensitive data, including encryption, access controls, and security monitoring.
• Regularly conduct risk assessments and security audits to identify vulnerabilities and implement remediation plans.
• Coordinate responses to cybersecurity incidents, including leading post-incident reviews and ensuring compliance with breach notification requirements under various regulations.
• Vendor and Third-Party Risk Management:
• Establish and maintain a robust third-party risk management program, ensuring that vendors and partners meet the company’s privacy and cybersecurity standards.
• Conduct privacy and security due diligence on new and existing vendors, especially those involved in data processing activities.
• Review and negotiate privacy and cybersecurity terms in vendor contracts, ensuring alignment with internal and regulatory requirements.
• Training & Awareness:
• Develop training programs for employees on data privacy, cybersecurity best practices, and compliance obligations.
• Promote awareness of privacy and cybersecurity risks across the organization, fostering a culture of compliance and security.
• Serve as a key advisor to ad tech senior management on emerging privacy and cybersecurity trends and their potential impact on the company.
• Regulatory & Legal Guidance:
• Provide expert advice to the legal team, business units, and senior leadership on privacy and cybersecurity-related matters.
• Keep abreast of changes in global privacy and cybersecurity laws and industry regulations, proactively advising the company on how these changes may impact business operations.
• Assist in the review and negotiation of data protection agreements, privacy policies, terms of service, and other legal documents to ensure compliance with privacy laws and data security standards.
• Reporting & Monitoring:
• Develop regular reports to the General Counsel, and executive leadership on privacy and cybersecurity compliance initiatives, risks, and incidents.
• Track and report on key privacy and cybersecurity metrics, including the number of privacy incidents, data breach responses, and compliance with regulatory timelines.

Who You Are:

• Education: Bachelor's degree required, with a preference for a JD, MBA, or a related advanced degree.
• Certifications: Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), or similar certifications are strongly preferred.
• Experience: Minimum of 3-5 years of experience in privacy, data protection, and cybersecurity compliance, ideally within the ad tech or tech industry.
• Knowledge: Deep understanding of global privacy laws (GDPR, CCPA, CPRA, etc.) and cybersecurity frameworks (NIST, ISO 27001, SOC 2).
• Proven experience in developing and implementing privacy and cybersecurity programs, policies, and incident response plans.
• Strong working knowledge of advertising technology, digital marketing practices, and related regulatory challenges, including ad fraud, cookie compliance, and cross-border data flows.
• Skills:
• Excellent communication and interpersonal skills, with the ability to interact effectively with both technical and non-technical stakeholders.
• Strong leadership skills with experience managing cross-functional teams and projects.
• Analytical mindset with the ability to assess and mitigate risk while balancing business needs.
• Ability to work under pressure in a fast-paced, dynamic environment.

Why Mediaocean?

• Competitive total compensation, including 401(K) employer match and financial wellness seminars 
• Extensive medical, dental, and vision plan – Keep your family (or just yourself!) safe and healthy
• Flexible time off – In addition to our 14 company holidays, we provide open PTO to all U.S.- based Mediaocean employees. So take a sick day, vacation day, or mental health day 
• Bonding Leave – After six months of employment at Mediaocean, mothers and fathers, including same-sex parents, can take job-protected, paid time off to bond with their child within the first 12 months of the child’s birth or adoption 
• Insurance, Pet Insurance, employer matched Health Savings Account and Flexible Spending Accounts
• Professional development – Personalized development plan created with your manager, continuous internal and external trainings, official company-wide mentorship program, professional development rewards program, management, leadership, and function-specific training for top performance, education reimbursement 
• Get rewarded for demonstrating Mediaocean values 
• Active affinity-based groups – Form connections with similar peers in offices around the world. Groups include: Women at MO, Black Employees at Mediaocean (BEMO), Pride at MO, Mi gente (Hispanic/Latinx community), AAPI at MO, Parents at MO, International Enrichment, Language Lovers, Books & Beyond, DEI in Engineering, and Mental Health & Wellness, and Caregivers United  
• Wellness opportunities – Free virtual yoga and abs and glutes classes, company-paid Headspace meditation app membership, company-wide steps challenges, complimentary snacks in-office   
• Bikeshare program in select offices, (Divvy and CitiBike for Chicago and New York offices)  
• All of these benefits/perks are effective on the date of hire