Program Director - Privacy & Data Protection

  • Boston, MA, USA
  • Employees can work remotely
  • Full-time
  • Department: Legal

Company Description

Tradeshift is a unicorn in the fintech industry. We are disrupting a typically stagnant environment by connecting companies of all sizes and providing them with the platform and network needed to create value from old processes like procurement, invoicing, payments, and workflow. We recognize that business is both messy and social - two revelations that have driven the development of Tradeshift, a platform for all your business interactions. We work hard and our teams have great freedom and responsibility to choose the best solutions, technologies and approaches to evolve the product to the next level.

We believe that being a global, multicultural company is a tremendous strength and we have people working from 18 different countries with hubs in Bucharest, Copenhagen, Kuala Lumpur, and San Francisco. We believe that if we truly focus on how to work distributed and collaborate across locations and (home) offices, we will not only enjoy work more but also build better products for our customers, and ultimately be a better company.

Job Description

The Program Director - Privacy and Data Protection will be involved in all aspects relating to the protection of personal data at Tradeshift. 

In particular, the role will be responsible for:

  • Negotiating privacy and data protection elements of customer and vendor contracts.

  • Monitoring, reporting on, and ensuring compliance with applicable legislation (GDPR, CCPA, PECR, etc.) and on Tradeshift’s data protection policies and procedures

  • Coordinating contract updates with customers for compliance with Schrems II including updating model clauses.

  • Building processes to track and control storage and usage of Personally Identifiable Information (PII).

  • Recommending, building and auditing controls related to protection of personal data

  • Documenting Tradeshift data protection impact assessments.

  • Raising awareness and training Tradeshift employees on data protection and privacy, i.e. “Privacy by Design” sessions

  • Coordinating with marketing teams to drive processes enabling processing of personal data based on legitimate interest.

  • Participating in relevant working groups dealing with data processing activities, including meetings with management.

  • Preparing reports on Data Protection Program activities.

  • Creating inventories and maintaining up-to-date records of processing operations.

  • Monitoring data protection and privacy laws, enforcement actions and guidance.

  • Reporting compliance status to the Data Governance Committee.


  • Experience applying GDPR and other privacy regulation concepts to a company’s activities.

  • Familiarity with global legislation and trends in data protection and desire to learn more.

  • Understanding of technology as it relates to data protection and privacy.

  • Experience negotiating data processing agreements either on the sales or purchasing side.

  • Proven ability to scope and drive to completion projects across a global organization.

  • Excellent communication with parties from multiple cultures and backgrounds.

  • Customer facing skills to answer questions and provide reassurances related to our data protection program.

  • Problem solving skills.

  • Nice to have: 

    • IAPP certification; 

    • Direct contract negotiation experience; 

    • Experience with OneTrust or similar data protection program software; 

Additional Information

We value diversity at our company. Tradeshift prohibits unlawful discrimination based on race, color, religious or religious creed, sex, sexual orientation, gender, age, marital status, veteran status, disability status or any other consideration made unlawful by applicable federal, state, or local laws. All your information will be kept confidential according to EEO guidelines. 

Privacy Policy