Senior Compliance & Privacy Program Manager

At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. Simply said, we help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers, working together to shape the future of commerce, this is the place for you.

We are seeking a Senior Privacy Program Manager / Lead to design, build, and operationalize a comprehensive privacy program that supports the company’s activities as both a data controller and a data processor, including the use of AI and data-driven technologies across commercial operations and product development.

This role blends privacy program ownership, hands-on analytical execution, and product evaluation, requiring someone who can translate regulatory, contractual, and customer expectations into practical, scalable privacy controls. The role partners closely with Legal, Security, Sales, Marketing, Product, and Engineering, and contributes directly to the company’s customer trust posture.

What You’ll Do:

• Build, own, and scale the company’s global privacy program, ensuring compliance with global regulations (GDPR, CCPA, PIPEDA, etc.).

• Define and implement governance frameworks that clearly operationalize our obligations as both a Data Controller and Data Processor.

• Develop privacy metrics, dashboards, and policies to measure program effectiveness and demonstrate accountability.

• Own and maintain core privacy operations, including Data Subject Access Requests (DSARs), Records of Processing Activities (RoPAs), data retention, and vendor risk management.

• Conduct comprehensive risk evaluations (PIAs, DPIAs, TIAs, LIAs) and data flow analyses across all internal systems and products.

• Serve as the privacy lead for incident response, internal audits, and customer due diligence inquiries.

• Partner closely with Product and Engineering to embed Privacy-by-Design and default principles directly into the software development lifecycle (SDLC).

• Evaluate new product builds and system designs for privacy risks, with a heavy focus on AI-enabled features, machine learning models, and automated decision-making tools.

• Assess AI-specific risks, including training data usage, data minimization, and downstream data exposure.

• Act as a trusted advisor to Sales, Marketing, Legal, and Security, translating complex regulatory requirements into practical, scalable business processes.

• Evaluate commercial activities (like AI-driven marketing and analytics) to ensure they align with our external commitments and public-facing privacy statements.

• Proactively identify and fix process gaps to reduce manual effort, minimize customer friction, and strengthen the company's overall trust posture.

Who You Are:

• Experience & Regulatory Expertise: 5+ years in privacy, data protection, or compliance, with a strong operational grasp of global frameworks (GDPR, CPRA, PIPEDA, etc.).

• Hands-On Execution: Proven track record of conducting PIAs/DPIAs, executing data mapping, and navigating privacy obligations as both a Data Controller and Data Processor.

• AI & Tech Evaluation: Experience assessing privacy and data protection risks specific to AI, machine learning, and complex data-driven systems (including automated decisioning/profiling).

• Cross-Functional Translation: Excellent communication skills with the ability to translate complex privacy laws into practical, actionable guidance for both technical (Engineering/Product) and non-technical (Sales/Marketing) teams.

• Certifications: Active privacy certifications (e.g., CIPM, CIPP/E, CIPP/US). [Nice To Have]

• Tech & Security Fluency: Working knowledge of IT security concepts, cloud data flows, the Software Development Life Cycle (SDLC), or basic data analysis/coding skills. [Nice To Have]

• Program & Risk Management: Experience utilizing formal risk frameworks, driving process improvements, and managing workflows in tools like Jira, Asana, or Smartsheet. [Nice To Have]

• Legal Acumen: Demonstrated ability to review, draft, and amend privacy-related contracts or vendor agreements. [Nice To Have]

This description is intended to serve as a summary of key duties and responsibilities and may not contain a comprehensive list of activities.

(Pay Transparency Range: $104,000 - $156,000)

At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.

Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/

Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers.
Be advised:
Commerce does not offer jobs to individuals who do not go through our formal hiring process.
Commerce will never:

• require payment of recruitment fees from candidates;

• request personally identifiable information through unsanctioned websites or applications;

• attempt to solicit money from you as part of the hiring process or as part of an employment offer;

• solicit money to complete visa requirements as part of a job offer.

If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding.