Privacy Program Manager



San Francisco, CA, USA
Posted on Wednesday, August 16, 2023

Upgrade is a fintech company that provides affordable and responsible credit, mobile banking, and payment products to everyday consumers. We were the fastest growing company in the Americas last year according to the Financial Times and Upgrade Card was the fastest growing credit card in America. We have delivered over $21 billion in affordable and responsible credit over the last 5 years. The company is backed by some of the most prominent technology investors and was recently valued at $6.3B.

We have built an energizing, collaborative and inclusive culture where team members help each other, learn and innovate to move the company and its customers in the right direction, and own the outcome of their efforts.

Upgrade has been named a “Best Place to Work in the Bay Area” three years in a row, “Top Companies to work for in Arizona” and one of the "Best Engineering Department" awarded annually by Comparably. We've also received recognition for being a best company for Diversity, Women, Culture, and Veterans.

We are looking for new team members who get excited about designing and delivering new and better products to join a team of 1500 talented and dedicated professionals. Come join us if you like to tackle big problems and make a meaningful difference in people's lives.

About the Role:

We’re seeking a Privacy Program Manager to help mature and manage our privacy program. Reporting to the Legal Director, Privacy, this role will provide comprehensive support for operationalizing privacy requirements for various business teams. Partnering with cross-functional stakeholders across the company, this role will help develop and implement our privacy controls framework.

What You’ll Do:

  • Support the implementation of privacy, security, and data governance requirements and best practices and ensure operational effectiveness of policies, procedures, and controls
  • Work closely with a variety of cross-functional stakeholders
  • Bridge communication with both technical engineering and business teams to connect legal requirements with implementation of business requirements
  • Scope, manage, and drive to completion the end-to-end delivery of compliance projects with excellent project management skills
  • Identify, drive, and manage privacy program maturation, including mapping policies, standards, guidelines, and controls against internationally recognized data and privacy standards such as ISO, GAAP, and NIST
  • Develop, maintain, and track meaningful metrics to gauge the effectiveness of the program and prepare reports on progress of key deliverables for multiple stakeholders
  • Work with business teams to complete relevant privacy assessments for any new or existing systems, products, or business processes involving personal information
  • Keep track of evolving privacy and data protection laws

What We Look For:

  • 3-5+ years of operational, in-house experience implementing privacy and data governance initiatives with an emphasis on programmatic compliance
  • BS/BA degree or equivalent experience in relevant fields such as law, privacy, information security, information technology, or related discipline
  • Certifications such as CIPP, CIPM, or CIPT and/or PMP are preferred
  • Strong, demonstrable experience leading organizational change and end-to-end project management
  • Experience managing projects across cross-functional teams, building scalable and sustainable processes
  • Ability to take large, complex projects/problems and break them up into pieces, with deep technical, project, and program management expertise
  • Ability to coordinate cross-functionally, including with outside vendors, on issues related to privacy, information security, product development, compliance requirements, and other technology initiatives
  • Excellent communication, interpersonal, organizational, and writing skills, including project plan creation and management, status and result reporting, and effective training presentations
  • Demonstrable knowledge of compliance methods, standards, processes, governance models, and industry standard compliance frameworks
  • Proven track record of leading large, complex programs/projects, including experience supporting compliance initiatives for global privacy and regulatory frameworks, such as GDPR, CCPA
  • Strong working knowledge of relevant financial privacy and data protection laws, regulations, and industry standards, including, GLBA, FCRA, CCPA, CalFIPA, NY DFS cybersecurity regulation, PCI DSS, and others

Nice to Have:

  • Technical Program Management (TPM) or other engineering/technology background is a plus.

What We Offer You:

  • Competitive salary and stock option plan
  • 100% paid coverage of medical, dental and vision insurance
  • Flexible PTO
  • Opportunities for professional growth and development
  • Paid parental leave
  • Health & wellness initiatives

The compensation range of this position in San Francisco, CA is USD $135,000 - $155,000 annually plus equity and benefits. Within this range, an individual's base pay will be dependent on a variety of factors, including without limitation, job-related knowledge, skills, education, and experience.

Upgrade has different base pay ranges for different work locations within the United States and Canada, which allows us to pay employees competitively and consistently in different geographic markets. The range could vary depending on what ultimately is determined to be the candidate’s primary work location.

Notice to California-based Candidates for Employment. This California Candidate Privacy Notice is intended to provide information about how Upgrade collects and uses personal information to California consumers who apply for employment with Upgrade If you are employed by Upgrade, refer to the Employee Handbook for additional information. For any questions about this notice, please contact
Personal Information Upgrade Collects:
Identifiers Including name, address, email, telephone number, social security number, driver license number, passport number, and other personal identifying information. Characteristics of protected classifications under California or federal law, including demographic information and other personal information obtained during the application process, such as gender, race, national origin. Professional or employment-related information, such as salary/compensation and benefits packages, other relocation or job preferences, prior background, experience, skills, and other information in support of your application, reference information, other information obtained through background checks, including employment, credit, and criminal history. Education Information. Any other information you provide as a part of recruitment, job application, or interview process.
Purposes for Collecting Personal Information:
To consider qualifications, skills, and interest for employment. To communicate with you during the recruitment and interview process. To conduct background checks and verify your information if you are offered employment. To provide compensation, including payroll, and administer stock options and benefits, including medical, dental, vision, commuter, and retirement benefits. To provide human resources services and conduct performance evaluations. To monitor work eligibility including work-related licenses, credentials, training, and eligibility to work in the United States. To improve recruitment and interview processes and ensure a safe and efficient working environment. To comply with applicable legal or regulatory requirements including state and federal company reporting obligations.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.