Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for all Americans. The Senior Manager, Privacy Engineering will lead the team responsible for building scalable privacy infrastructure and technical privacy controls, ensuring compliance with privacy regulations and working collaboratively across various departments.
Responsibilities:
- Lead the Privacy Engineering team’s strategy, roadmap, and execution across privacy infrastructure, data governance, and privacy-by-design initiatives
- Hire, coach, and develop a team of privacy engineers while establishing clear operating rhythms, priorities, and technical standards
- Guide the design and delivery of scalable privacy controls, including data discovery, classification, access controls, audit logging, retention, deletion, lineage, encryption, and key management
- Partner with Legal, Compliance, Security, Product, Data, Machine Learning, and Infrastructure teams to translate privacy requirements into practical technical solutions
- Oversee privacy reviews, technical risk assessments, and threat modeling for new products, data flows, models, and platform capabilities
- Define metrics and communicate progress, tradeoffs, dependencies, and risks to technical and cross-functional stakeholder
Requirements:
- Bachelor's degree in Computer Science, Engineering, Mathematics, or a related field, or equivalent practical experience, and 8+ years of experience in engineering, including at least 3 years of direct people management experience
- Experience leading engineering teams responsible for production software, platform, privacy, security, or data systems
- Experience designing, building, or operating privacy, security, data governance, or data platform capabilities in production environments
- Experience translating privacy, security, compliance, or regulatory requirements into technical controls
- Experience working with cross-functional partners such as Legal, Compliance, Security, Product, Data, or Machine Learning teams
- Knowledge of privacy-by-design principles, data minimization, purpose limitation, consent, retention, deletion, and data subject rights
- Knowledge of privacy and data protection regulations or frameworks such as GDPR, CCPA/CPRA, GLBA, FCRA, or similar requirements
- Experience with privacy reviews, threat modeling, risk assessments, data inventories, lineage systems, or automated policy enforcement
- Experience building privacy or governance controls for machine learning, AI, financial services, lending, or other regulated data environments
- Ability to communicate technical privacy tradeoffs clearly across engineering, legal, product, security, and business audiences