Print / Save PDF Back to job

Senior GRC Analyst, Privacy

Benevity · Calgary, Alberta

How to use this kit

Ground every answer in facts on this page and the original listing. We never invent Glassdoor-style reviews or salaries that are not in our data.

Company facts (cached)

Website: benevity.com

Benevity is a Calgary-based company that provides charitable donation-management, volunteer-management and grant-management platforms. Benevity is one of Western Canada's largest startups. Its customers include Nike, Coca-Cola, Microsoft, Google, and Apple, and about 250 of the Fortune 1000 as of 2017.

Public cache only — not an employee review.

Role overview (listing rewrite)

Benevity is hiring a remote Senior GRC Analyst, Privacy to lead and elevate our data protection program across an intricate, multi-jurisdictional regulatory environment. Based out of Calgary, Alberta, this full-time role puts you at the center of how Benevity earns and keeps the trust of clients, employees, and communities. About the Role As Senior GRC Analyst, Privacy, you will own the architecture, day-to-day operation, and ongoing maturity of Benevity's privacy compliance program. Your remit covers GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, CASL, and a growing set of global frameworks. Embedded alongside Legal, Security, Engineering, Product, and Data Governance, you will translate dense regulatory requirements into pragmatic, business-ready controls and bake Privacy by Design into how Benevity builds. Key Responsibilities Maintain Records of Processing Activities (ROPA) under both controller and processor regimes, aligned with GDPR Article 30 and equivalent rules. Author and refresh privacy policies, notices, standards, and control frameworks spanning GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, CASL, and emerging laws (India DPDP, Swiss FADP, AU Privacy Act). Design and run DSAR intake, triage, and response workflows within statutory deadlines (30 days GDPR, 45 days CPRA). Operationalize and continuously improve the Data Protection Impact Assessment (DPIA) process and subprocessor governance under GDPR Article 28. Support the DPO function, including breach-notification readiness and supervisory-authority engagement in step with Legal. Review Data Processing Agreements and transfer mechanisms (SCCs, UK IDTAs), and monitor the global regulatory horizon. Enhance privacy workflows in GRC tooling (e.g., OneTrust), deliver executive dashboards, and use AI to scale output without scaling headcount. Build privacy awareness and training, and advise teams as a trusted cross-functional partner. Qualifications 5+ years in privacy, data protection, GRC, or a related field, ideally in SaaS or high-growth tech. Deep, hands-on command of GDPR, UK-GDPR, CPRA/CCPA, PIPEDA, and CASL, plus familiarity with India DPDP, Swiss FADP, and AU Privacy Act reforms. Proven experience building ROPAs, running DSARs, conducting DPIAs, and maintaining subprocessor inventories. Background supporting a DPO function and reviewing DPAs and transfer mechanisms with Legal. Practical use of privacy/GRC platforms (OneTrust, Hyperproof, or similar) and a track record of applying AI and automation as a force multiplier. Clear…

Full job on Get A Job.AI

Questions to ask them

Generated for personal interview prep · 2026-07-16 UTC · getajob.ai