Director of Privacy and Data Governance Risk

About Upstart

Upstart is the leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit. By leveraging Upstart's AI marketplace, Upstart-powered banks and credit unions can have higher approval rates and lower loss rates across races, ages, and genders, while simultaneously delivering the exceptional digital-first lending experience their customers demand. More than 80% of borrowers are approved instantly, with zero documentation to upload.

Upstart is a digital-first company, which means that most Upstarters live and work anywhere in the United States. However, we also have offices in San Mateo, California; Columbus, Ohio; and Austin, Texas.

Most Upstarters join us because they connect with our mission of enabling access to effortless credit based on true risk. If you are energized by the impact you can make at Upstart, we’d love to hear from you!

The Team

As the Director of Privacy and Data Governance at Upstart, you will play a pivotal role in ensuring the responsible use of data across the organization. You will lead the development and execution of a comprehensive Privacy and Data Governance Risk Management Program (“the Program”) that supports Upstart’s mission while aligning with regulatory expectations and industry best practices. This role requires strong cross-functional leadership, strategic thinking, and a deep understanding of privacy frameworks, regulatory requirements, and data governance principles. You will work closely with teams across Legal, Product, Data Platform, and Information Security to identify, assess, and mitigate privacy and data governance risks across Upstart’s products and services.

 

Position Location - This role is available in the following locations: Remote, San Mateo, CA, and Columbus, OH

Time Zone Requirements - This team operates on the East/West Coast time zones.

Travel Requirements - As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions’ cadence varies depending on the team and role; the Risk & Compliance team meets quarterly for 3-4 consecutive days at a time.

How you’ll make an impact:

• Define and drive the strategy for privacy and data governance risk management aligned with Upstart’s business objectives and regulatory obligations.
• Oversee the development of policies, procedures, and processes for data lifecycle management and  privacy-by-design.
• Serve as a strategic partner to Product, Data Platform, Information Security and other teams to embed privacy and data governance into product design, business operations, and third-party relationships.
• Lead cross-functional working group to ensure governance, accountability, and continuous improvement in privacy risk management.
• Lead a  team responsible for the execution of privacy and data governance initiatives.
• Set team objectives and key results (OKRs), manage performance, and allocate resources effectively to deliver measurable impact.
• Act as a spokesperson and subject matter expert for the Program in engagements with internal stakeholders and Upstart’s partners.
• Prepare and deliver communications, reports, and updates to senior leadership

 

What we’re looking for: 

• Minimum requirements:
• 10+ years of experience in compliance, legal, audit, or risk management within the financial services or fintech industry, with deep expertise in consumer protection regulations. This includes working knowledge of key regulatory frameworks such as GLBA, CCPA, FCRA, UDAAP, federal and state privacy laws, and emerging AI regulations.
• 3–5 years of risk or compliance governance experience at a financial institution, with demonstrated success in scaling frameworks and driving cross-functional alignment.
• Proven ability to lead enterprise-wide risk and compliance programs, influence across levels and functions, and manage complex stakeholder environments.
• Hands-on experience in operationalizing risk management programs, including risk identification, control design, testing and monitoring, training and enablement, and oversight of third-party relationships.
• Preferred qualifications:
• Familiarity with modern predictive modeling techniques and the associated governance, privacy, and fairness considerations.
• Strong people leadership experience, with a track record of building, managing, and developing high-performing teams.
• Exceptional communication, negotiation, and presentation skills, with the ability to translate complex risk issues into clear, actionable guidance for both technical and non-technical audiences.
• Current and active certification in Privacy or Information Security (CISA, CISM, CISSP, CIPP, CIPM)

At Upstart, your base pay is one part of your total compensation package.  The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).

United States | Remote - Anticipated Base Salary Range$195,300—$270,400 USD

Upstart is a proud Equal Opportunity Employer. We are dedicated to ensuring that underrepresented classes receive better access to affordable credit, and are just as committed to embracing diversity and inclusion in our hiring practices. We celebrate all cultures, backgrounds, perspectives, and experiences, and know that we can only become better together. 

If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com

https://www.upstart.com/candidate_privacy_policy