Flexport

About Flexport:

At Flexport, we believe global trade can move the human race forward. That’s why it’s our mission to make global commerce so easy there will be more of it. We’re shaping the future of a $10T industry with solutions powered by innovative technology and exceptional people. Today, companies of all sizes—from emerging brands to Fortune 500s—use Flexport technology to move more than $19B of merchandise across 112 countries a year.

The recent global supply chain crisis has put Flexport center stage as we continue to play a pivotal role in how goods move around the world. We are proud to have the support of the best investors in the game who believe in our mission, solutions and people. Ready to tackle global challenges that impact business, society, and the environment? Come join us.

Position Overview

We are seeking a Privacy and Compliance Manager to lead and oversee all aspects of our privacy and data protection compliance programs. This role is key to maintaining our global reputation for transparency, integrity, and security in handling customer and partner data.

The ideal candidate has deep experience with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and New York SHIELD Act, and will work cross-functionally with legal, engineering, product, and customer-facing teams.

Key Responsibilities

Serve as the designated privacy and security officer under GDPR and lead compliance initiatives for CCPA/CPRA, NY SHIELD Act, and other emerging privacy laws.
Own and maintain the company’s Record of Processing Activities (ROPA) and ensure its accuracy and availability.
Lead internal privacy impact assessments (PIAs) and data protection impact assessments (DPIAs).
Develop, maintain, and implement company-wide privacy policies, procedures, and training programs.
Oversee and guide contractual data privacy reviews, including Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs), and vendor privacy addenda.
Act as the primary point of contact for EU/EEA Supervisory Authorities, Data Subjects, and external auditors.
Monitor global legal and regulatory developments and proactively assess their impact on company operations.
Advise product and engineering teams on privacy-by-design and default principles in the development of new features.
Collaborate with the Information Security team to ensure alignment between privacy and cybersecurity protocols.
Lead or support the company’s response to data subject access requests (DSARs) and personal data breach incidents.
Assist with cross-border data transfer strategies, including adequacy assessments and transfer impact assessments.

Qualifications

8–10 years of relevant experience in privacy, data protection, or regulatory compliance, with a strong track record in GDPR and U.S. state privacy laws.
Experience working with technology-driven companies or in SaaS, logistics, or supply chain sectors preferred.
Strong understanding of international data privacy frameworks, including GDPR, CCPA/CPRA, NY SHIELD Act, and evolving global laws.
CIPP/E, CIPP/US, CIPM, or other IAPP certifications strongly preferred.
Demonstrated experience leading privacy programs or audits within a high-growth or international company.
Excellent legal, business, and technical judgment, with strong stakeholder management skills.
Proactive, collaborative, and capable of working autonomously and across global teams.
Legal degree

The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the posting's respective region. Our salary ranges are determined by role, level, and location. Within the range displayed, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education and / or training.

The US base salary range for this position (exclusive of bonus, equity and benefits):

$122,000—$160,000 USD

Commitment to Equal Opportunity

At Flexport, our ability to fulfill our mission of making global commerce easy and accessible relies on having a diverse, dedicated and engaged workforce. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.

Global Data Privacy Notice for Job Candidates and Applicants

Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. By submitting your application, you are agreeing to our use and processing of your data as required. Please see our Privacy Notice available at www.flexport.com/privacy for additional information.

Manager, Privacy and Compliance