PitchMeAI
Clay

GRC Analyst, Privacy

Clay · Buffalo-Niagara Falls Area

  • On site
  • Full-time
  • $95,000 / year
  • Buffalo-Niagara Falls Area

Job highlights

  • Manage privacy compliance and data subject requests.
  • Interpret and apply privacy regulations like GDPR.
  • Assist with customer security inquiries and questionnaires.
  • Utilize Vanta for compliance maintenance and remediation.
  • Collaborate with legal, engineering, and customer success teams.

About the role

About Clay

Our mission is to help organizations turn any growth idea into reality.

We see growth as a creative practice, not a formula. Finding and reaching your best-fit customers takes unique ideas and constant iteration. As AI makes execution faster and tactics easier to copy, creativity is the only lasting advantage. We're already helping thousands of customers — including Anthropic, Notion, Google, and Ramp — go to market with unique data, signals, and AI research.

In 2025, we raised a $100M Series C backed by world-class investors including Sequoia, CapitalG, and First Round — and crossed $100M in revenue.

In 2026, we announced our second employee tender offer in 9 months at a new $5B valuation. We also launched a community equity round, for our customers, agency partners, and club members.

Some Things To Know About Us

  • Our community includes 11,000+ customers, 150+ integration partners, 125+ agencies, 50+ Clay clubs, and 30k members on Slack.
  • Our culture is unique inside and outside of work. Our team members are also DJs, activists, writers, clowns, marathoners, skydivers, psychedelic therapists, social workers, and more.
  • All employees can work for free with world-class coaches who specialize in creativity, management, and more.
  • Our operating principles — including negative maintenance and non-attached action — guide our work. Read more about them here.
  • Read about us in the NYT, Forbes, First Round Review, and more.
  • Hear from our employees directly on our Glassdoor page!

Job Summary

We are seeking a detail-oriented GRC (Governance, Risk, and Compliance) Analyst with a strong emphasis on privacy to join our team. In this role, you will play a critical part in maintaining our compliance posture by handling regulatory data subject requests, understanding and applying relevant privacy frameworks, assisting with customer security inquiries, and managing remediation efforts through our compliance platform. The ideal candidate is proactive, knowledgeable in privacy regulations, and capable of collaborating with cross-functional teams to uphold data security and compliance standards.

Key Responsibilities

  • Data Subject Request Management: Execute and optimize processes for handling data subject requests, including data deletion, opt-out from data sharing, and access inquiries, ensuring timely and accurate responses in line with legal requirements
  • Privacy and Compliance Expertise: Stay current with and interpret various privacy and compliance frameworks (e.g., GDPR, CCPA/CPRA, and applicable state laws) to guide company practices and ensure ongoing adherence
  • Customer Security Support: Assist in responding to security and privacy questionnaires from prospective and existing customers, with a particular focus on privacy, data protection, and compliance-related questions
  • Compliance Maintenance and Remediation: Monitor and maintain compliance using our platform (Vanta), including uploading evidence of controls, refreshing policies as needed, and escalating technical issues to engineering teams for remediation when flagged
  • Third-Party Risk Management: Work with our partners and vendors to identify and monitor third-party risk, and guide them to improve over time
  • Risk Assessment and Reporting: Conduct regular reviews of privacy risks, contribute to internal audits, and prepare reports on compliance status for leadership
  • Cross-Functional Collaboration: Work closely with legal, engineering, and customer success teams to integrate privacy-by-design principles and resolve compliance gaps efficiently

Qualifications

  • Bachelor's degree in Information Security, Law, Business, or a related field; relevant certifications (e.g., CIPP, CIPM, or CISSP) are highly preferred
  • 2+ years of experience in GRC, privacy, or compliance roles, ideally in a SaaS or tech environment handling sensitive personal data
  • 2+ years of experience in managing high-volume data subject access requests (DSARs) and opt-out processes under GDPR, CCPA, and similar regulations
  • Familiarity with compliance tools like Vanta or similar platforms for evidence management and policy updates
  • Experience responding to customer security questionnaires and vendor risk assessments

Required Skills

  • Strong understanding of global privacy laws and frameworks, with the ability to apply them practically
  • Excellent analytical and problem-solving skills, with attention to detail in documenting processes and evidence
  • Proficiency in escalating technical compliance issues and collaborating with engineering teams
  • Effective communication skills for interacting with customers, stakeholders, and internal teams
  • Ability to work independently in a fast-paced environment while prioritizing compliance tasks

Preferred Skills

  • Knowledge of additional compliance standards (e.g., ISO 27001, SOC 2)
  • Experience with data mapping, privacy impact assessments (PIAs), or incident response in a privacy context
  • Technical aptitude for understanding SaaS infrastructure and data flows

Key skills/competency

  • GRC Analyst
  • Privacy Compliance
  • Data Subject Requests
  • GDPR
  • CCPA/CPRA
  • Vanta
  • Risk Assessment
  • Third-Party Risk Management
  • Information Security
  • Compliance Audits

Skills & topics

  • GRC Analyst
  • Privacy Analyst
  • Compliance Analyst
  • Data Privacy
  • GDPR
  • CCPA
  • Vanta
  • Risk Management
  • Information Security
  • SaaS Compliance

How to get hired

  • Tailor your resume: Highlight GRC, privacy, and compliance experience, specifically mentioning DSARs, GDPR, CCPA, and Vanta.
  • Showcase relevant skills: Emphasize analytical abilities, attention to detail, and cross-functional collaboration experience.
  • Prepare for technical questions: Be ready to discuss privacy frameworks and compliance tools like Vanta.
  • Demonstrate understanding of SaaS: Showcase knowledge of SaaS infrastructure and data flows if applicable.
  • Research Clay's culture: Align your application with their emphasis on creativity and unique operating principles.

Technical preparation

Review GDPR, CCPA/CPRA, and state privacy laws.,Familiarize yourself with Vanta compliance platform features.,Practice responding to data subject access requests.,Understand SaaS infrastructure and data flow basics.

Behavioral questions

Describe a complex compliance issue you resolved.,How do you prioritize multiple urgent compliance tasks?,How do you collaborate with engineering teams?,How do you stay updated on evolving privacy laws?

Frequently asked questions

What specific privacy regulations does Clay prioritize for the GRC Analyst, Privacy role?
Clay prioritizes adherence to major global privacy regulations such as GDPR and CCPA/CPRA, as well as applicable state laws. The GRC Analyst, Privacy will be instrumental in interpreting and applying these frameworks to company practices.
What experience level is required for the GRC Analyst, Privacy position at Clay?
Clay is seeking candidates with a minimum of 2 years of experience in GRC, privacy, or compliance roles, ideally within a SaaS or tech environment. Experience managing high-volume data subject access requests (DSARs) is also a key requirement.
Is experience with specific compliance platforms like Vanta necessary for the GRC Analyst, Privacy role?
Familiarity with compliance tools like Vanta is highly preferred for the GRC Analyst, Privacy role, as it's used for evidence management, policy updates, and maintaining compliance. Experience with similar platforms will also be considered.
What kind of collaboration can I expect as a GRC Analyst, Privacy at Clay?
As a GRC Analyst, Privacy, you will collaborate closely with legal, engineering, and customer success teams. This cross-functional collaboration is essential for integrating privacy-by-design principles and resolving compliance gaps efficiently.
Does Clay offer opportunities for professional development for a GRC Analyst, Privacy?
Yes, Clay fosters a culture that supports professional development. All employees have access to world-class coaches specializing in areas like management, and the company values continuous learning, which would extend to roles like GRC Analyst, Privacy.
What is the educational background preferred for the GRC Analyst, Privacy role at Clay?
A Bachelor's degree in Information Security, Law, Business, or a related field is preferred for the GRC Analyst, Privacy position. Relevant certifications such as CIPP, CIPM, or CISSP are highly valued.
How does Clay's unique culture impact the GRC Analyst, Privacy role?
Clay's culture emphasizes creativity and unique operating principles. While the GRC Analyst, Privacy role is detail-oriented, expect to work in an environment that values diverse approaches and continuous improvement, encouraging innovative solutions within compliance frameworks.