Senior Data Governance & Compliance Engineer

We’re seeking a Data Governance and Compliance Engineer to play a pivotal role in shaping the privacy and compliance posture of our cutting-edge vehicle security and threat detection solutions. This is more than a compliance role—it's an opportunity to influence the strategic direction of our privacy framework, partnering closely with engineering, product, and legal teams to build a robust and scalable data governance program.

Your work will have a direct and outsized impact on our business, ensuring customer trust, regulatory alignment, and operational excellence as we redefine the future of automotive security. You'll take ownership of privacy and compliance workflows, enabling us to proactively address evolving security and compliance challenges while helping to shape an industry-leading approach to data protection. If you're a hands-on problem solver who thrives on building collaborative partnerships and driving meaningful change, we’d love to hear from you.

Responsibilities:

Privacy Compliance Operations & Management:

• Support the development and maintenance of the company’s privacy compliance framework by integrating elements from GDPR, CCPA, CPRA, NIST 800-53, and other relevant regulations.
• Assess regulatory requirements and help shape a unified approach tailored to the company’s privacy and security standards.
• Ensure visibility over compliance activities, ensuring assets, data processing activities, vendors, and third parties align with the company’s evolving privacy framework.

Data Mapping & Inventory Management:

• Maintain an up-to-date inventory of data processing activities, data flows, and business processes.
• Ensure all data assets and processing operations comply with regulatory and internal data governance requirements.

Privacy Risk Assessment & Remediation Tracking:

• Conduct privacy impact assessments (PIAs) and vendor risk assessments to evaluate compliance risks.
• Ensure mitigation strategies are documented, assigned, and tracked effectively.
• Work with security and engineering teams to remediate compliance gaps.

Regulatory Monitoring & Compliance Reporting

• Track and document changes in global data privacy regulations and assess their impact on company operations.
• Prepare compliance reports for internal and external stakeholders, including auditors and regulators.

Cross-functional Collaboration

• Partner with Engineering, Security, Legal, and Procurement teams to implement and operationalize privacy controls.
• Integrate company needs with priorities of corporate parent as directed by Legal.
• Provide hands-on support in integrating privacy requirements into product development and business workflows.

Requirements

• 5+ years of experience in data governance, data privacy, or compliance engineering, with expertise in implementing and maintaining data governance frameworks.
• Bachelor's degree in Computer Science, Information Systems, Data Management, or a related field (or equivalent practical experience).
• Strong understanding of data privacy regulations and frameworks (e.g., GDPR, CCPA, CPRA, NIST 800-53) and the ability to interpret regulatory requirements into internal compliance frameworks.
• Proficiency in OneTrust (mandatory)—ability to configure, manage, and track compliance workflows within the platform.
• Proven experience with privacy management tools, compliance automation, and risk assessment platforms, including managing data processing inventories, vendor risk assessments, and privacy impact assessments (PIAs).
• Ability to evaluate data flows, third-party relationships, and internal processes for privacy risks and implement appropriate privacy controls.
• Experience working cross-functionally with legal, security, engineering, and procurement teams to operationalize compliance through workflows, automation, and policy implementation.
• Familiarity with privacy engineering concepts, security best practices, and compliance-related automation.
• Strong skills in documenting and reporting compliance status, risks, and remediation efforts.

Preferred Qualifications:

• Background in cybersecurity, risk management, or privacy engineering.
• Certifications such as CIPP/E, CIPT, or CIPM (or similar privacy-related credentials).
• Experience with SOC 2, ISO 27001, or other security compliance programs.
• Reside within the Detroit area or nearby, with the ability to work in a hybrid environment and regularly commute to our Detroit office as needed.

Benefits

• Comprehensive medical benefits coverage, dental plans and vision coverage.

• Health care and dependent care spending accounts.
• Employee and Family Assistance Program (EAP).
• Employee discount programs.
• Retirement plan with a generous company match.
• Generous Paid Time Off, Sick, and Holidays
• Family Leave (Maternity, Paternity)
• Short- and long-term disability.
• Life insurance and accidental death & dismemberment insurance.

Compensation Range

Compensation may vary depending on skills and experience.

Base Salary: $98,500 - $137,700

Diversity, Equity and Inclusion: At Canopy, we're on a mission to end theft from vehicles and revolutionize vehicle security by building cutting-edge technology. We will achieve this by prioritizing individuals and staying attuned to the evolving needs of our people, users, and industry trends. We foster a workplace culture that embraces diversity and authenticity, enabling us to flourish as a team of exceptional individuals working towards a common purpose. We gain a deeper understanding of our users' experiences by continuously improving our skills and expanding our knowledge. A more diverse, equitable, and inclusive Canopy leads to greater innovation and success.

Equal Opportunity:  Canopy does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.