Privacy Manager

• •Run privacy request operations end-to-end
• •Serve as the Data Protection Officer where required by law
• •Lead the preparation and submission of mandatory data protection impact assessments (DPIAs) and/or privacy risk assessments (PRAs) to supervisory authorities when required by law.
• •Partner with Legal in lock step
• •Build and maintain core privacy program governance (lean but audit-ready)
• •Vendor and procurement privacy
• •Personal data incident support
• •Metrics and continuous improvement

Disrupting an industry takes vision, innovation, passion, technical chops, drive to deliver, collaboration, and execution. Join a team of great people who strive for excellence and personify our corporate values of ownership, craftsmanship, and open communication. We are looking for new colleagues who bring innovative ways of thinking and problem solving, and who want risks to be part of the team that changes the world’s financial markets.

**Here are some of the benefits* of working at BitGo:**

• •Competitive base salary, bonus and stock options
• •100% company paid health insurance for employee, partner and dependents
• •Up to 4% 401k company match
• •Paid parental leave, Paid vacation
• •Free commuter/parking pass
• •Free custom lunches, dinners and snacks
• •Computer equipment and workplace furniture to suit your needs
• •Great colleagues and inspiring startup environment

*Benefits may vary based on location.

• •7 or more years with proven ability to build and run a privacy program with operational responsibility and hands-on execution of privacy requests at scale.
• •Demonstrated ability to operate as a high-autonomy individual contributor in a lean environment.
• •Strong experience partnering with attorneys and translating legal requirements into operational controls.
• •Working knowledge of global privacy regulatory expectations, including but not limited to GDPR, CCPA/CPRA, LGPD, PIPEDA, and how to implement them in practical workflows.
• •Strong technical fluency: systems, data flows, access control concepts, logging, and incident handling collaboration.
• •Oversee the formal creation and maintenance of the Record of Processing Activities (ROPA), including its periodic review and updates to ensure compliance with Article 30 of the GDPR (or equivalent local mandates).
• •Excellent writing and documentation discipline (regulator-ready and audit-ready records).