Manager of Privacy Compliance

The Team: 

Upstart’s Privacy and Data Governance Risk team is responsible for building and operating a scalable, risk-based privacy program that supports our AI-powered lending platform. The team partners closely with Engineering, Product, Data Science, Data Analytics,Information Security, Legal, and Compliance to ensure responsible data use, regulatory alignment, and privacy-by-design across Upstart’s products and machine learning lifecycle.

As the Manager of Privacy Compliance  at Upstart, you will play a critical role in shaping and maturing the company’s privacy program. You will embed privacy controls into AI/ML systems, financial products, and data pipelines while enabling innovation and supporting compliance with complex financial and privacy regulations.

How you’ll make an impact

• Build, manage, and mature Upstart’s privacy program in alignment with consumer finance and privacy regulatory requirements.
• Partner with Product, Engineering, Data Science, Data Analytics, Legal, Security, and Compliance to embed privacy-by-design into AI models, underwriting workflows, data pipelines, and new product features.
• Lead privacy risk and impact assessments (DPRAs/PIAs/DPIAs) for new product launches, machine learning models, new data sources, consumer-facing financial products, and emerging technologies.
• Support privacy aspects of model governance, explainability, algorithmic fairness reviews, and data lifecycle management.
• Maintain enterprise privacy documentation, including records of processing activities, data flow diagrams, and system-of-record artifacts to support audits and regulatory expectations.
• Collaborate with Security and Compliance on data safeguards, access controls, vendor assessments, and privacy incident response activities.

Minimum Qualifications 

• Bachelor’s degree in law, business, information systems, computer science, or related discipline (or equivalent experience).
• 5+ years of privacy, compliance, risk, or data governance experience within fintech, financial services, AI/ML, or other highly regulated environments.
• Strong working knowledge of:
  • GLBA, FCRA, ECOA, CCPA/CPRA
  • NIST Privacy Framework, ISO 27701
  • Model governance and automated decision systems
• Experience conducting DPRAs/PIAs/DPIAs, managing privacy controls, and partnering with technical teams.
• Ability to translate regulatory requirements into actionable requirements for engineering and data science.

Preferred Qualifications

• Professional privacy certifications such as CIPP/US, CIPM, or CIPT.
• Experience supporting credit decisioning, lending, underwriting, fraud prevention, or financial operations.
• Familiarity with model governance, automated decision systems, and AI/ML lifecycle processes.
• Experience supporting regulatory examinations, internal audits, or external audits.
• Knowledge of modern cloud architectures, data platforms, machine learning tooling, and generative AI

Position location This role is available in the followin...