Data Protection Officer at Timehop
New York City, NY, US
About us:Every day, millions of users come to Timehop to reminisce. Timehop surfaces all of your memories, from your camera roll and social media accounts to show you what you did and what you said on this day in history. Our platform has connected people to their past for nearly a decade, and we’ve successfully leveraged programmatic advertising to enable and empower our mission. We now offer this mobile advertising platform–called Nimbus–as a service to third-party mobile applications to power their programmatic advertising needs. 
What we’re looking for?Timehop/Nimbus is seeking an experienced data protection, privacy & compliance professional to fill the role of Data Protection Officer. The position is located in New York City.
How will you help us achieve it?You will help build and oversee a data protection and privacy compliance program to ensure that Timehop and Nimbus handle personal data safely and responsibly and comply with all applicable data protection and privacy laws, including the EU General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (CCPA),  oversight of international compliance regulations as well as SOC1 and 2 compliance, and assisting teams with financial and data security issues. You will work collaboratively across multiple teams to build and enhance an appropriate compliance framework for developing and deploying products, infrastructure and policies that adhere to best-in-class privacy practices. You will also act as the primary point of contact for Timehop/Nimbus and its employees, regulators, and the public for issues relating to our data protection, privacy and compliance program.

What you'll do:

    • Experience managing and mitigating privacy, data protection and compliance risk. Key skills include the ability to communicate and translate privacy and compliance issues across a diverse set of teams.
    • Data & Privacy Compliance: In depth knowledge of GDPR as well as American and other national/state data protection laws such as CCPA, including conducting regular internal compliance audits, leading training, and ensuring the maintenance of accurate and up-to-date records demonstrating such compliance, and performing all other necessary duties in accordance with Article 39 of the GDPR.
    • Participate in the analysis and understand how GDPR applies to the business, and in particular in relation to new regulatory announcements and ensure communication to any impacted areas is concise. The successful candidate will be a “doer”, and know how to map data flows, conduct risk assessments and testing, product development reviews, vendor assessments and monitoring, communicating with regulators, and lead training.
    • General Compliance: Provide supervisory oversight to our existing SOC 1 and imminent SOC 2 program.
    • Product & Engineering: Experience advising on data protection, privacy and compliance requirements in a company that develops tech products, uses digital marketing, etc. Comfortable communicating in an informed manner and with credibility to advise and influence product developers and engineers.

Job Requirements

    • You have 3+ years of relevant work experience with global data protection and privacy issues in a multi-jurisdictional environment. A law degree is a plus, but not required.
    • Understanding of GDPR and CCPA compliance issues
    • Familiarity with information systems compliance standards and information security frameworks and certifications
    • Tech savvy. You don’t need to be an engineer, but ideally you have knowledge of major security technologies, development and analytics tools, and cloud infrastructure platforms.
    • Project management skills, including experience building and enhancing global compliance programs
    • Experience working collaboratively with Compliance,Legal and Product Management teams 
    • Excellent judgment. Demonstrated ability to find practical, appropriate solutions to compliance issues.
    • A high degree of integrity and credibility - you know how to use your experience, skill and smarts to influence and manage complex projects.
    • You work well autonomously - you need to be able to roll up your sleeves and do the work yourself.
    • Effective communication skills - verbally and in writing (this means you can speak and write in plain English, not only legalese) and can tailor your communication to suit a wide-range of audiences (board of directors, Engineering teams, product managers, legal teams, etc.)
About Timehop
Timehop created the digital nostalgia category and continues to be THE team reinventing reminiscing for the digital era. We have more "old" photos and content than ever before, yet most of the internet focuses on "new". Timehop has a massive untapped opportunity to build new ways of consuming, storytelling, and finding meaning in our digital histories.
Our goal is to help billions of people around the world connect with their friends around the past. We collect your scattered digital history from the far corners of the internet – all of your past photos, status updates, tweets, check-ins and posts. Then we add context and meaning so that you understand and appreciate your history better. Lastly, we help you tell great stories by making it easy to creatively share and talk about your history.
With our new Nimbus ad platform – built from our own needs and for the needs of publishers – Timehop is a profitable company, with no plans to raise more VC. We control our own destiny and that future is bright. We're looking for talented people to join our team.