Data Privacy Manager

Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law.

If you need assistance or accommodation due to a disability, you may contact us at hr@lendistry.com

Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms. To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation.

And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm. 

A Day in the Life

The Data Privacy Manager will lead the enterprise privacy program across Lendistry’s and affiliated and subsidiary entities. Reporting to the VP, Enterprise Security, this role is the organization’s technical data privacy subject matter expert, translating regulatory requirements into concrete technical controls and auditable processes.

You will own the governance, technical, and operational aspects of Lendistry’s privacy program, spanning regulatory obligations under CCPA/CPRA, GLBA, SBA program requirements, state lending and consumer finance law, and evolving state privacy statutes, through day-to-day privacy operations, data subject rights handling, vendor privacy diligence, and privacy-by-design embedded in product development and AI/ML pipelines.

You will partner closely with Security, Legal, Compliance, Product, Engineering, and every business unit and process that collects, processes, or shares personal information, serving as the primary driver of technical implementation of compliance obligations across the organization.

Lendistry: Who We Are           

We’re proud to be the nation’s largest minority-led, tech-savvy lender for small businesses and commercial real estate.  As a certified Community Development Financial Institution (CDFI) and Community Development Entity (CDE), our mission is all about creating economic opportunities and fueling growth for small business owners and their communities.  Join us as we pave the way with innovative financing and financial education!

What You’ll Be Doing

Data Privacy & Protection

• Serve as the Data Privacy subject matter expert for the organization.

• Design, implement, and manage solutions to protect personal data, embedding “privacy by design” into the software development lifecycle, product architecture, and AI/ML privacy integration.

• Act as a bridge between Compliance, Legal, and Engineering teams to translate privacy policy and regulatory requirements into (i) actionable requirements such as data minimization, encryption, tokenization, data masking, anonymization, and access controls, and (ii) clearly defined, auditable controls.

• Maintain and continuously update enterprise data flow diagrams and data inventories to map the lifecycle of personal information from ingestion to deletion.

• Lead and document annual privacy risk assessments, including Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).

• Manage first-line-of-defense compliance with the technical requirements of applicable US state privacy laws (CCPA/CPRA, GLBA Safeguards Rule, and the growing patchwork of state statutes).

• Support incident response activities related to data privacy, including breach assessment, documentation, and regulatory support, in partnership with the Security and Legal.

Privacy Strategy & Program Ownership

• Own the governance, technical, and operational aspects of the enterprise privacy program across Lendistry and all subsidiary entities, working cross-departmentally with Legal, Compliance, and Engineering to set privacy strategy.

• Serve as Lendistry’s point of contact for Legal and Compliance on privacy matters involving regulators, banking partners, auditors, and consumers.

• Set the privacy roadmap, including annual program priorities, investment requests, and measurable objectives tied to business and regulatory risk.

• Report regularly to VP, Security and executive leadership on privacy posture, material risks, regulatory developments, incidents, and program maturity.

Privacy by Design & AI Privacy

• Embed privacy by design in the product development lifecycle, reviewing new features, data flows, retention changes, and vendor integrations before they ship.

• Partner with the AI team to set privacy guardrails on Lendistry’s AI systems, including data minimization, PII redaction before inference, model training data governance, and consumer disclosure for automated decisioning.

• Contribute to Lendistry’s responsible AI posture alongside Legal, Compliance, Security, and the AI team, with attention to fair lending, consumer disclosures for AI-driven decisions, and alignment with the NIST AI Risk Management Framework.

Third-Party & Vendor Risk

• Support third-party risk assessments with a focus on data handling, privacy, and regulatory exposure.

• Review vendor security and privacy documentation (SOC reports, SIGs, DPAs).

• Maintain and update the data inventory and data flow diagrams to reflect new tools or changes in the use case of existing tools, ensuring the vendor data map accurately tracks who receives Lendistry personal data, for what purpose, under what contractual protections, and with what track record.

• Track controls and remediation items and ensure vendors meet contractual and regulatory obligations.

Training & Culture

• Work with Compliance and Training and Development teams to administer privacy training, including role-based training for engineering, credit, servicing, marketing, and customer-facing teams, plus executive-level education.

• Build a privacy-aware culture where data questions prompt conversation rather than workarounds.

• Serve as a credible, accessible partner to every business unit that handles personal information.

Cross-Functional Collaboration

• Work closely with Security, Engineering, Product, Legal, Compliance, and Operations teams.

• Provide practical guidance that balances compliance, risk reduction, and business velocity.

• Assist with regulator, auditor, and customer due-diligence inquiries.

AI Governance & Responsible Use

Lendistry expects its AI privacy team to be among the most thoughtful users of AI tools in the company. This role will collaborate with Legal, Compliance, AI and Engineering leadership to set AI use standards and strategy for privacy operations

• Stay current on AI capabilities and limitations as they relate to privacy operations

• Assist the Legal, Compliance and AI teams in shaping the policies, training, and controls that govern AI use across the organization

Your Areas of Knowledge and Expertise

• 5+ years in privacy, data protection, or a closely adjacent field, with a clear pattern of growing program ownership and regulatory accountability.

• Hands-on experience supporting regulatory and compliance programs, including SOC 2 and GLBA Safeguards Rule, along with familiarity with U.S. state privacy laws (CA, CO, VA, CT, UT, TX, OR, MT, NJ, TN, IA, IN, DE, NE, NH, MD, MN) and global frameworks such as GDPR, PIPEDA, LGPD, or DPDPA.

• Demonstrated ability to perform privacy and security risk assessments — PIAs, DPIAs, and data security risk assessments — with strong documentation and evidence-management practices.

• Hands-on experience developing and maintaining data inventories, data maps, and data flow diagrams to support privacy compliance and regulatory obligations.

• Deep working knowledge of CCPA/CPRA, including consumer rights, sensitive personal information, service provider vs. third-party distinctions, opt-out signals, and CPPA enforcement expectations.

• Deep working knowledge of GLBA (Privacy Rule and Safeguards Rule) and how GLBA interacts with state privacy laws for financial institutions.

Technical & Program Skills

• Understanding of privacy engineering and secure system design, including familiarity with privacy-enhancing technologies such as differential privacy, federated learning, and secure multi-party computation (particularly in AI/ML pipelines).

• Working knowledge of data mapping and automation tools used to manage data subject rights requests and privacy operations workflows (e.g., OneTrust, Archer, TrustArc, Transcend, Osano, or equivalent).

• Experience embedding privacy into product development — reviewing features, data flows, and vendor integrations at the point of design rather than at launch.

• Experience overseeing privacy for AI or automated decisioning systems — data minimization, training data governance, consumer disclosure, and fair lending intersections.

• Strong analytical, organizational, and documentation skills, with the ability to manage multiple compliance initiatives independently and communicate effectively across technical and business stakeholders.

Required Certifications

• CIPT or CDPSE required. CIPM and CISSP preferred.

Preferred Qualifications

• CIPP/US, CIPP/E, CIPM, CIPT, or FIP privacy certifications.

• Experience in SBA lending, CDFI operations, or other federally regulated financial institutions.

• Experience with state lending examinations, CFPB matters, or other consumer-protection regulator engagement.

• Experience with the NIST Privacy Framework and NIST AI Risk Management Framework.

• Experience building privacy programs across multiple legal entities or operating subsidiaries.

• Experience with cross-border operations.

Why You'll Love Working Here:

• Comprehensive Medical, Dental, and Vision Insurance

• Generous Paid Time Off

• Birthday Day Off

• 12 Paid Company Holidays

• 401(k) Match

• FSA and HSA

• Paid Life Insurance 

• Paid Disability Insurance

• Pet Insurance

• Employee Assistance Program (EAP)

• Professional Development Courses

• In Office Provided Snacks and Drinks

• Gym Facilities (LA & Tustin/CEC Offices)

• In Office Engagement Activities

Compensation Range

The US base salary range for this full-time position is $118,500 - $152,500 annually.

Our salary ranges are determined by role, level, and location.

The range displayed on each job posting reflects the minimum and maximum base salary for new hires for the position across all US locations.  Within the range, individual pay is determined by multiple factors like job-related skills, experience, and state of residence.  Your recruiter can share more about the specific salary range during the interview process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include any variable compensation elements.

Physical Requirements

This is a stationary position that requires frequent sitting (approximately 95%), repetitive wrist motions, grasping, speaking, listening, close vision, and the ability to adjust focus.  It also may require occasional standing, lifting, carrying of 20lbs or less, walking, kneeling, bending/stooping, twisting, pulling/pushing, and reaching above the shoulder.  Employees in this position must be physically able to efficiently perform the essential functions of the position.

ACKNOWLEDGEMENT
B.S.D. Capital, Inc. dba Lendistry is an equal employment opportunity employer committed to providing its employees, applicants and other covered persons with equal opportunities without regard to race, color, age (40 or older), religious creed (including religious belief, practice or dress and grooming practices), national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender (including pregnancy, childbirth or medical condition related to pregnancy or childbirth), gender expression, gender identity, sexual orientation, military or veteran status (including past, current or prospective service), or any other characteristic protected under applicable federal, state or local law.