atVenu

Role Description atVenu's Compliance & Risk team is seeking an experienced privacy professional to lead and mature our privacy function. As a live event commerce platform handling transaction data for venues, promoters, artists, and fans across North America and expanding in Europe, we operate at the intersection of B2B SaaS and payments. Privacy isn't an afterthought; it's core to how we build and operate. This is a high-impact individual contributor role with real ownership. You'll be atVenu's only dedicated privacy resource, working across Legal, Engineering, Product, and Operations to ensure we're meeting our obligations under GDPR, CCPA/CPRA, PIPEDA, and other applicable frameworks. This is a hands-on role. You'll be expected to: - Draft policies, oversee cookie consent configurations, review contracts, engage with product teams during development, and manage DSARs (low volume). - Think strategically about where the program needs to go. What You’ll Do - Lead the day-to-day operation and continued development of atVenu’s privacy compliance program, including maintaining privacy policies and internal standards. - Champion privacy requirements across new business initiatives from concept through to operation, managing cross-functional stakeholder engagement. - Conduct and manage Data Protection Impact Assessments (DPIAs) for new products, features, integrations, and third-party service providers. - Serve as the company’s subject matter expert on GDPR, CCPA/CPRA, PIPEDA, and emerging privacy regulations. - Partner with Legal to review and negotiate data processing agreements (DPAs), vendor contracts, and other agreements with privacy implications. - Manage and maintain atVenu’s OneTrust Cookie Consent implementation. - Review customer agreements and data-related contractual obligations. - Monitor ongoing data practices to ensure customer data is used consistently with contractual commitments. - Work with Engineering and Product teams to embed privacy-by-design principles into the development lifecycle. - Manage and respond to data subject access requests (DSARs) and privacy inquiries. - Lead the privacy workstream during incidents, including conducting privacy impact assessments. - Assess the privacy implications of AI and machine learning systems. - Monitor the evolving regulatory landscape and assess the impact of new or amended privacy laws. - Cultivate a lasting privacy-aware culture by designing and delivering training. Qualifications - 8+ years of hands-on privacy compliance experience, ideally in a B2B SaaS, fintech, or payments environment. - Deep, practical knowledge of GDPR, CCPA/CPRA, and PIPEDA. - Proven experience conducting DPIAs and translating findings into actionable risk mitigations. - Experience reviewing and negotiating data processing agreements and vendor contracts. - Strong project management skills, with a demonstrated ability to own a program. - Experience assessing the privacy and compliance risks of AI and machine learning systems. - Familiarity with information security principles and how privacy and security controls intersect. - Experience reviewing commercial contracts or data agreements. - Excellent communication skills and the ability to translate complex regulatory requirements. - Comfortable operating in a lean, fast-moving organization. - A pragmatic and collaborative approach that balances rigour with business reality. Nice to Have - IAPP certification (CIPP/E, CIPP/C, CIPP/US, CIPM, or CIPT). - Experience with OneTrust (specifically Cookie Consent). - Experience managing privacy controls in a GRC platform like Vanta. - Experience supporting external audits and responding to customer assurance requests. - Exposure to regulatory compliance programs beyond privacy (e.g., SOC 2, PCI-DSS, ISO 27001, ISO 42001).