The Compliance & Privacy Manager is a new role at edX with responsibility for leading edX’s compliance program and managing cross-functional compliance activities. You will join a small Legal Team that works proactively with all business areas in support of edX’s growth strategy and nonprofit mission. Areas supported by this role will include privacy and security, export restrictions, accessibility, HR and benefits, tax, business continuity, and anti-bribery.

Critical: To succeed in this role, you must be a detail-oriented self-starter with the ability to operate independently, create and maintain new processes, and be effective in a fast-paced, complex, and unstructured environment. The focus of this role is not gatekeeping, but instead, helping teams unlock forward progress and manage appropriate risk via knowledge-sharing in support of organizational transparency and the creation of effective systems. 

Key Responsibilities

• Maintain compliance program: 
• Become knowledgeable about edX’s compliance policies and procedures.
• Monitor legal and industry developments that may affect compliance strategy.
• Maintain and update an org-wide compliance framework in partnership with the Legal, Finance, IT, and Data Science Teams.
• Enable and enhance compliance activities:
• Review team-level compliance activities for efficacy, common issues, hidden risks, and potential gaps in controls.
• Partner with business teams to create team-level compliance plans.
• Carry out export and sanction-check programs to screen courses, products, and partners.
• Develop and maintain tracking systems for compliance with applicable policies and standards, including PCI. 
• Perform periodic audits on org procedures, processes, and documentation.
• Serve as lead POC for compliance questions: 
• Receive and respond to internal requests for guidance on compliance requirements.
• Provide practical advice on processes that will enable systematic compliance and fast, large-scale growth while appropriately managing legal and business risk.
• Train edX teams and partners:
• Develop, administer, and maintain training materials, surveys, and resources that educate teams and partners about edX’s compliance program.

 Requirements

• Strong privacy compliance and regulatory experience, including GDPR.
• Strong analytical and technical skills necessary to design and enhance org-wide systems for enabling and tracking compliance activities across departmental lines.
• Outstanding interpersonal and communication skills to collaborate with colleagues on compliance matters. Strong ability to maintain positive working relationships.
• Excellent business acumen and judgment, including ability to place compliance risk in proper business context.
• Strong ability to deal effectively with ambiguous situations and evolving business goals, balancing strategic outcomes with practical next steps.
• Strong sense of accountability and ownership; must be a team player.
• Associate’s or Bachelor’s Degree from an accredited college or equivalent professional experience.
• 5-7 years of professional experience in general compliance and governance with proficiency in the areas described above, preferably in a global technology company.

 Plusses

• Experience with ISO/IEC 27000 or similar security standard.
• Experience with PCI DSS.
• Experience with tax-exempt organizations.
• CIPP certification.
• Master’s, JD, or other relevant advanced degree from an accredited school.

Due to Covid-19, all edX employees will work remotely until September 8, 2020 (at a minimum). We continue to revisit the return-to-office date on a regular basis. Once the office re-opens, applicants must be able to work out of our Cambridge, MA HQ. Sorry, Visa sponsorship is not available.