About InvoiceCloud:

InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It’s an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com.

We areseekinga highly skilled and results-oriented

Data Protection Officer
to own and operateInvoiceCloud’senterprise privacy and data protection program. This is a senior individual contributor role responsible for translating complex regulatory requirements into pragmatic, scalable controls that protect people and data while enabling the business to move quickly and responsibly.

The Data Protection Officer serves as the company’s authoritative expert on privacy, data governance, and ethical data use. The role partners closely with Legal, Information Security, Product, Data, Engineering, People, and Go-To-Market teams to embed privacy-by-design across systems, data flows, and business processes. While advanced tooling and automation support data protection activities, this role is accountable for ensuring those systems are effectively designed, implemented, and continuously improved.

Operating with a high degree of autonomy, the Data Protection Officer is trusted with privileged andhighly sensitiveinformation and is expected to exercise sound judgment when balancing regulatory risk, contractual obligations, and businessobjectives. Success in this role requires strong ownership, execution discipline, and the ability to influence outcomes without formal authority—establishingclear guardrails that reduce risk without creating unnecessary friction.

This role plays a critical part in strengtheningInvoiceCloud’scompliance posture, improving visibility into data risk, and supporting responsible innovation as the company continues to scale.

Success Profile:

This role is anchored in our company’s core competencies—These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role.

Results Driven

Establishes and executes a measurable enterprise privacy and data protection program that reduces regulatory, contractual, and operational risk.

Prioritizes high-impact data risks across business units, translating regulatory requirements into actionable plans with clear milestones.

Delivers tangible outcomes across DPIAs, DSARs, incident reporting, and compliance obligations within defined timelines.

Takes Ownership

Operates as the authoritative individual contributor for privacy and data protection, making independent decisions within established risk and regulatory guardrails.

Owns enterprise data governance practices, including data mapping, classification, retention, and lifecycle management.

Serves as the primary point of contact for regulators, data subjects, and internal stakeholders on privacy matters,maintainingtrust and accountability.

Drives Efficiency

Designs andmaintainsscalable, auditable controls that embed privacy-by-design into products, data flows, and operational processes.

Standardizes workflows forRoPA, DPIAs, vendor privacy reviews, and incident response to reduce friction and false positives.

Establishes clear metrics and reporting to provide leadership with visibility into data risk posture and program maturity.

Innovative

Leverages GRC platforms, data governance tooling, and collaboration systems to modernize privacy operations and improve execution quality.

Appliesautomation and GenAI to support activities such as data discovery, classification, policy enforcement, and risk analysis—reducing manual effort while increasing consistency and speed.

Continuously evaluates emerging technologies and practices to strengthen data protection capabilities as the business scales.

Requirements

10+ years of experience in privacy, data protection, governance, GRC, or security engineering, withdemonstratedownership of enterprise programs

Strong working knowledge of GDPR, CCPA/CPRA, and U.S. state privacy laws; familiarity with PCI DSS, SOC 2, and NIST Privacy Framework

Hands-on experience with tools such asDrata, Microsoft Purview, DLP platforms, and data governance solutions

Proven ability to design measurable controls and balance risk reduction with business enablement

High integrity and sound judgment when handling sensitive and confidential information

InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.

This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.

If you require a disability-related or religious accommodation during the application or recruitment process, and wish to discuss possible adjustments, please contact jobs@invoicecloud.com.

Click here to review InvoiceCloud’s Job Applicant Privacy Policy.

For recruitment agencies: InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.

Meet JobCopilot: Your Personal AI Job Hunter