Privacy Engineer

Privacy Engineer at Aristocrat

The Privacy Engineer at Aristocrat serves as a vital bridge between complex regulatory requirements and practical technical implementation. In this role, you will be instrumental in developing, implementing, and maintaining robust privacy controls, cutting-edge technologies, and efficient workflows to safeguard personal data and ensure comprehensive organizational compliance. You will engage collaboratively with product, engineering, legal, and various business teams, embedding privacy-by-design principles into the core of systems and processes, while simultaneously driving automation and enhancing operational efficiency. This position is perfectly suited for a proactive problem-solver with a profound passion for privacy and technology, adept at translating intricate regulations into actionable, effective solutions. You will play a crucial role in supporting high-risk projects, strengthening incident response capabilities, and fostering a pervasive culture of privacy awareness across Aristocrat.

Key Responsibilities

• Serve as a domain expert in privacy engineering, providing guidance to teams on compliance, risk, and industry best practices.
• Implement and maintain privacy technologies, primarily TrustArc, to support compliance and streamline privacy operations.
• Embed privacy considerations into system design and product architecture through close collaboration with product, legal, and engineering teams.
• Support the development and implementation of consent management solutions that effectively honor user choices across diverse platforms.
• Contribute actively to incident response protocols for data breaches, focusing on risk containment and ensuring accurate reporting.
• Translate global privacy laws such as GDPR, CPRA, HIPAA, and COPPA into actionable technical and business controls.
• Ensure adherence to recognized industry standards and frameworks, including ISO 27701 and the NIST Privacy Framework.
• Drive regulatory projects and high-risk initiatives, ensuring that potential risks are meticulously mitigated through thoughtful design.
• Manage and optimize Data Subject Access Request (DSAR) workflows (access, deletion, portability) within TrustArc, ensuring accuracy and security.
• Conduct audits and execute remediation plans for cookie compliance findings, including banner and consent configurations.
• Prepare executive-ready presentations and clear, comprehensive process documentation.
• Educate and train both privacy-focused and non-privacy teams on their obligations and the effective use of privacy tools.
• Lead projects independently, meticulously track progress, and communicate updates effectively to all stakeholders.

Required Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a closely related technical field.
• 3–5+ years of professional experience in privacy engineering, privacy operations, governance, or consulting.
• A strong foundational and practical understanding of key privacy regulations, including GDPR, CPRA, HIPAA, and COPPA, and various privacy frameworks.
• Demonstrated experience in developing or reviewing APIs with a privacy-centric approach.
• Hands-on experience with leading privacy platforms such as TrustArc, OneTrust, or similar solutions.
• A proven track record in developing and operationalizing robust privacy compliance processes.
• Skilled in risk identification, thorough assessment, and effective mitigation strategies.
• Project management experience, including the ability to coordinate diverse teams and manage timelines efficiently.
• Ability to accurately translate complex legal requirements into practical technical workflows.
• Experience with cookie compliance audits and their subsequent implementations.
• Proficiency in creating clear process maps and system diagrams using tools like Visio or Lucidchart.
• Strong communication skills, capable of influencing leadership and training diverse audiences effectively.

Preferred Skills & Certifications

• Certifications such as CDPSE (ISACA), CISSP-Privacy, ISO/IEC 27701 Lead Implementer or Auditor, NIST Privacy Framework training, GIAC GCCC & GLEG.
• Proficiency in programming languages including Python, Java, JavaScript/Node.js, Go, or C++.
• Experience in automating DSAR workflows or Privacy Impact Assessments (PIAs) using APIs or orchestration tools.
• Familiarity with advanced privacy operations tools like TrustArc, OneTrust, or BigID.

Key skills/competency

• Privacy Engineering
• Data Protection
• Compliance Management
• Risk Mitigation
• GDPR
• CPRA
• HIPAA
• TrustArc
• API Review
• Privacy-by-Design