We are seeking a highly skilled and results-oriented Data Protection Officer to own and operate InvoiceCloud’s enterprise privacy and data protection program. This is a senior individual contributor role responsible for translating complex regulatory requirements into pragmatic, scalable controls that protect people and data while enabling the business to move quickly and responsibly. 

The Data Protection Officer serves as the company’s authoritative expert on privacy, data governance, and ethical data use. The role partners closely with Legal, Information Security, Product, Data, Engineering, People, and Go-To-Market teams to embed privacy-by-design across systems, data flows, and business processes. While advanced tooling and automation support data protection activities, this role is accountable for ensuring those systems are effectively designed, implemented, and continuously improved. 

Operating with a high degree of autonomy, the Data Protection Officer is trusted with privileged and highly sensitive information and is expected to exercise sound judgment when balancing regulatory risk, contractual obligations, and business objectives. Success in this role requires strong ownership, execution discipline, and the ability to influence outcomes without formal authority—establishing clear guardrails that reduce risk without creating unnecessary friction. 

This role plays a critical part in strengthening InvoiceCloud’s compliance posture, improving visibility into data risk, and supporting responsible innovation as the company continues to scale. 

Success Profile:  

This role is anchored in our company’s core competencies—These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role. 

 

Results Driven 

• Establishes and executes a measurable enterprise privacy and data protection program that reduces regulatory, contractual, and operational risk. 

• Prioritizes high-impact data risks across business units, translating regulatory requirements into actionable plans with clear milestones. 

• Delivers tangible outcomes across DPIAs, DSARs, incident reporting, and compliance obligations within defined timelines. 

 

Takes Ownership 

• Operates as the authoritative individual contributor for privacy and data protection, making independent decisions within established risk and regulatory guardrails. 

• Owns enterprise data governance practices, including data mapping, classification, retention, and lifecycle management. 

• Serves as the primary point of contact for regulators, data subjects, and internal stakeholders on privacy matters, maintaining trust and accountability. 

 

Drives Efficiency 

• Designs and maintains scalable, auditable controls that embed privacy-by-design into products, data flows, and operational processes. 

• Standardizes workflows for RoPA, DPIAs, vendor privacy reviews, and incident response to reduce friction and false positives. 

• Establishes clear metrics and reporting to provide leadership with visibility into data risk posture and program maturity. 

 

Innovative 

• Leverages GRC platforms, data governance tooling, and collaboration systems to modernize privacy operations and improve execution quality. 

• Applies automation and GenAI to support activities such as data discovery, classification, policy enforcement, and risk analysis—reducing manual effort while increasing consistency and speed. 

• Continuously evaluates emerging technologies and practices to strengthen data protection capabilities as the business scales. 

 
Requirements 

• 10+ years of experience in privacy, data protection, governance, GRC, or security engineering, with demonstrated ownership of enterprise programs 

• Strong working knowledge of GDPR, CCPA/CPRA, and U.S. state privacy laws; familiarity with PCI DSS, SOC 2, and NIST Privacy Framework 

• Hands-on experience with tools such as Drata, Microsoft Purview, DLP platforms, and data governance solutions 

• Proven ability to design measurable controls and balance risk reduction with business enablement 

• High integrity and sound judgment when handling sensitive and confidential information