Sr. Privacy Program Specialist

About us
HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. Today, HighLevel supports SMBs across 150+ countries, fueling community-driven growth rooted in real customer outcomes.

To date, businesses operating on HighLevel have generated over $7 billion in ecosystem value, demonstrating the impact of shared infrastructure at scale. By centralizing conversations, automation and intelligence into one system, we help businesses move faster, reduce complexity and execute efficiently.

Behind the platform, HighLevel powers more than 4 billion API hits and 2.5 billion message events daily. With 250 terabytes of distributed data, 250+ microservices and over 1 million domain names supported, our architecture is built for performance, resilience and long-term scalability.

Our people
With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership. We value initiative, clarity and execution, creating space for ambitious people to build systems that support millions of businesses worldwide. Here, innovation thrives, ideas are celebrated and people come first, no matter where they call home.

Our impact
Every month, HighLevel enables more than 1.5 billion messages, 200 million leads and 20 million conversations for the more than 1 million businesses we support. Behind those numbers are real people building independence, expanding opportunity and creating measurable impact. We’re proud to be a part of that.

Learn more about us on our YouTube Channel or Blog Posts

HighLevel is an all-in-one sales and marketing platform serving over 60,000 customers across 140 countries. We help marketing agencies, entrepreneurs, and small businesses capture leads, nurture customer relationships, and close deals. As we scale, we need a Sr. Privacy Program Specialist to run and continuously improve our privacy compliance operations.

You will take ownership of our existing privacy program: managing data subject rights requests, conducting privacy assessments, coordinating DPA reviews, overseeing our consent management platform, and keeping tracking technologies in check. When new privacy regulations emerge, you'll assess what HighLevel needs to do and work with the legal team to make it happen.

The right candidate is operationally minded, detail-oriented, and always looking for ways to make processes more efficient. You should be comfortable managing multiple workstreams, coordinating across teams, and building systems that scale without constant oversight.

What You’ll Be Doing:

Privacy Program Operations

• Own the day-to-day operation of HighLevel's privacy program, ensuring compliance processes run smoothly and efficiently
• Manage and optimize our consent management platform, ensuring it accurately reflects HighLevel's data practices and regulatory requirements
• Build and maintain privacy program documentation, including records of processing activities, data inventories, and compliance evidence
• Monitor for new privacy regulations and assess their impact on HighLevel, working with legal counsel to determine necessary changes
• Track regulatory deadlines, certification renewals, and compliance milestones

Data Subject Rights Requests

• Own the end-to-end data subject rights request (DSR) process, from intake through fulfillment and response
• Build and refine DSR workflows to improve response times, reduce manual effort, and ensure consistent handling
• Coordinate with engineering and product teams to fulfill complex requests requiring technical data retrieval
• Maintain DSR metrics and reporting to demonstrate compliance and identify process improvements

Privacy Assessments

• Own the operational workflow for Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs), creating and managing the end-to-end process from intake through completion. 
• Develop and maintain assessment templates, intake processes, and taking systems that enable assessments to scale without bottlenecks. 
• Work with product and engineering teams to gather necessary information and document privacy considerations
• Track assessment findings and ensure remediation items are addressed

DPA Management & Vendor Privacy

• Coordinate DPA reviews with commercial counsel, managing the intake, tracking, and completion of data processing agreements
• Maintain DPA templates and clause libraries, flagging deviations for legal review
• Support vendor privacy assessments, ensuring third parties meet HighLevel's data protection requirements
• Track DPA obligations and renewal dates

Marketing & Tracking Compliance

• Own the operational process for managing tracking technologies, pixels, and cookies deployed across HighLevel properties, building workflows that give the legal team visibility without creating bottlenecks for marketing
• Work with the marketing team to establish a process for identifying and flagging new tracking technologies as they’re added to the consent management platform 
• Ensure tracking implementations align with consent requirements and privacy disclosures
• Coordinate cookie banner updates and consent preference changes with relevant teams
• Monitor for unauthorized tracking deployments and coordinate remediation
• Continuously improve tracking compliance processes, identifying opportunities for automation and clear handoffs between teams 

What You’ll Bring:

• Bachelor's degree
• 5 years of experience in privacy program operations, with hands-on responsibility for DSRs, privacy assessments, or DPA management
• Experience with consent management platforms (OneTrust, TrustArc, Transcend, or similar)
• Understanding of GDPR, CCPA/CPRA, and other major privacy regulations, sufficient to operationalize legal requirements
• Familiarity with tracking technologies, cookies, and tag management from a compliance perspective
• Strong project management skills and attention to detail with the ability to manage multiple concurrent workstreams
• Hands-on experience using AI tools to build automations or streamline compliance workflows and scale operations
• Strong written communication skills for documentation, reporting, and cross-functional coordination

Preferred Qualifications:

• CIPP/US, CIPP/E, or CIPM certification
• Experience at a SaaS, marketing technology, or B2B platform company
• Familiarity with HIPAA privacy requirements
• Experience building or improving privacy program automation
• Exposure to privacy engineering concepts or technical privacy implementations
• Experience at a public company or company preparing for IPO

What We’re Looking For (The Intangibles):

• Process optimizer. You see a manual workflow and immediately start thinking about how to automate it. You measure success by how much time you've saved, not by how many tasks you've completed.
• Reliable operator. DSRs have deadlines. Assessments have to get done before launch. You deliver consistently, on time, without needing to be chased. People trust that if it's on your plate, it's handled.
• Regulatory translator. You can read a new privacy law and figure out what it means operationally. You understand compliance well enough to build the first draft of the response plan.
• Detail-oriented without losing the forest. You catch the errors in a data inventory, but you also know which errors matter and which ones don't. You prioritize based on risk, not just completeness.
• Cross-functional navigator. You'll work with marketing, engineering, product, and commercial legal constantly. You build relationships quickly, communicate clearly, and get what you need without creating friction.
• Self-sufficient. You don't need hand-holding. When you encounter something new, you research it, figure out the answer, and move forward. You escalate to legal when you should, but you handle everything you can on your own.
• Curious about privacy. You stay current on privacy developments because you're genuinely interested, not just because it's your job. You bring new ideas for improving the program.
• AI Fluent. You don't just know about AI tools, you actively experiment with them and find ways to incorporate them into your daily work. When faced with a repetitive task, your first instinct is to see if AI can handle it or make it faster. You embrace new AI capabilities rather than being skeptical, and you're always looking for the next tool that could streamline privacy operations

Success Metrics:

• DSRs are fulfilled within regulatory deadlines with consistent, documented processes
• DPIAs and PIAs are completed before product launches, with findings addressed and tracked
• DPA review coordination is efficient, with commercial counsel receiving well-organized intake and timely follow-up
• Consent management platform accurately reflects HighLevel's data practices and is updated promptly when practices change
• Marketing team has clear visibility into tracking compliance requirements, with unauthorized deployments identified and remediated quickly
• Privacy program processes become measurably more efficient over time, with reduced manual effort and faster turnaround
• New privacy regulations are assessed promptly, with clear operational plans developed before deadlines
• Privacy documentation and records are audit-ready at all times

This role is ideal for a privacy professional who gets satisfaction from running efficient compliance operations and wants to own a program rather than just execute tasks.