Senior Privacy & Compliance Manager

Tunnl
1 hour ago
Full-time
On-site
United States
Manager

About Tunnl

Tunnl is building a future where artificial intelligence enables organizations to connect meaningfully with the people who matter most. We help organizations conduct research at scale, define the right audiences, surface real-time insights, identify optimal communication channels, and measure changing attitudes over time.

Tunnl serves brands, agencies, and advocacy groups alike - organizations navigating complex communications, reputational, and regulatory landscapes. These teams need smarter, faster ways to make audience-informed decisions that stand up to scrutiny and resonate across stakeholder groups. Whether you're building a brand, shaping public opinion, managing risk, or launching a new initiative, Tunnl empowers you to move from insight to impact with clarity & confidence.

About the Role

As Tunnl's Senior Privacy & Compliance Manager, you'll be the operational backbone of our privacy program — translating legal and regulatory requirements into day-to-day processes, managing consumer opt-out operations, maintaining our data inventory, supporting incident response, and keeping our data intelligence and survey research businesses compliant with an evolving patchwork of U.S. privacy law.

You'll work in close collaboration with Tunnl's legal counsel and senior leadership, serving as the internal implementation and coordination hub for privacy across all of Tunnl's products and operations. This role reports directly to senior leadership and is a hands-on, execution-focused position suited for someone who thrives on building structure in a fast-moving environment.

What You'll Do

Privacy Program Operations

  • Support the day-to-day operations of Tunnl's privacy compliance program, working in close coordination with legal counsel and leadership to ensure requirements are understood and consistently applied across the organization.

  • In collaboration with counsel and leadership, translate legal and regulatory obligations into actionable policies, procedures, and controls — and partner with cross-functional stakeholders to implement them.

  • Draft, update, and maintain privacy and data protection policies, procedures, standards, and guidelines.

  • Maintain a privacy compliance calendar; flag upcoming registration deadlines and regulatory implementation timelines to leadership.

  • Collaborate with Marketing and RevOps to implement the appropriate updates to policies hosted on the Tunnl website.

  • Support the preparation of privacy reporting — dashboards, management reports, and KPIs — to track program maturity and compliance posture.

  • Scale privacy awareness internally: build practical guidance and training that helps employees understand their obligations and handle data appropriately.

Consumer Rights & Opt-Out Operations

  • Own and operate Tunnl's consumer opt-out, deletion, and data subject rights program — intake, processing, recordkeeping, and timely fulfillment in accordance with applicable law.

  • Build and maintain opt-out and individual rights request workflows that scale as regulatory requirements and consumer volume grow.

  • Serve as the primary point of contact for consumer privacy inquiries, complaints, and escalations.

  • Support consent management practices across Tunnl's data collection and survey channels.

  • Respond to privacy and security questionnaires from clients, partners, and vendors — coordinating with legal, engineering, and ops as needed.

Regulatory Compliance — Data Broker & Privacy Laws

  • Manage Tunnl's data broker registrations and renewals across all applicable states (California, Texas, Oregon, Vermont, and others as new requirements take effect).

  • Maintain working knowledge of applicable U.S. state privacy laws (CCPA/CPRA, CPA, VCDPA, etc.), FTC regulations, TCPA, CAN-SPAM, and other marketing privacy requirements — and support implementation of new obligations in collaboration with counsel.

  • Conduct privacy gap analyses and risk assessments; develop action plans to mitigate identified risks and track remediation to completion, in collaboration with Tunnl counsel and leadership.

  • Support privacy impact assessments (PIAs/DPIAs) for new products, features, data partnerships, and processing activities.

  • Coordinate Tunnl's participation in audits, due diligence processes, and client privacy reviews.

  • Support privacy due diligence for any mergers, acquisitions, or significant organizational changes.

Data Mapping & Inventory

  • Build, maintain, and ensure the accuracy of Tunnl's data inventories and data flow maps — covering all systems, vendors, processing purposes, and business operations.

  • Use data inventory information to support PIAs, vendor risk reviews, and internal compliance assessments.

  • Partner with product and engineering to incorporate data mapping into new product development and vendor onboarding.

Survey Research Compliance

  • Ensure Tunnl's survey business operates in accordance with applicable research ethics standards, consent requirements, and data handling obligations.

  • Review survey data collection practices, consent flows, and panel management processes for compliance with federal and state law — including TCPA, CAN-SPAM, and applicable state privacy statutes.

  • Support internal teams and clients with guidance on lawful data use and permissible survey practices, coordinating with legal counsel on complex questions.

AI Governance & Responsible Data Use

  • Support Tunnl's AI governance framework — help ensure alignment with applicable privacy, data protection, and ethical use standards across Tunnl's AI-powered products and internal tooling.

  • Familiarity with ISO 42001; direct experience is a plus.

  • Monitor emerging AI-related privacy regulatory developments and flag potential impacts to leadership for direction and response.

  • Support product, engineering, and legal in assessing privacy risks associated with AI and automated decision-making systems prior to deployment.

Incident Response & Third-Party Risk

  • Assist with Tunnl's privacy incident and breach response program — supporting timely intake, assessment, escalation, and resolution of security and privacy incidents in coordination with legal and engineering.

  • Help assess privacy impact following incidents and support determination of regulatory, contractual, and notification obligations, in collaboration with Tunnl counsel and leadership.

  • Coordinate and support third-party vendor privacy risk assessments; help maintain and update data processing agreements and vendor privacy reviews.

  • Collaborate with Tunnl's information security function to ensure security and privacy controls are aligned.

Cross-Functional Partnership & Governance

  • Serve as an internal coordination point for privacy across product, engineering, data, sales, and marketing — supporting privacy-by-design practices for new initiatives.

  • Collaborate with Legal, IT, HR, Finance, and other core functions to route privacy and data governance issues through appropriate channels for investigation, remediation, and reporting.

  • Assist with Tunnl's Document Retention Policy and related data governance efforts.

  • Support the development and delivery of privacy training and awareness programs for internal employees.

What We're Looking For

Required:

  • 7–10 years of progressive privacy and compliance experience, ideally in a data, adtech, market research, or information services environment.

  • Required privacy certification: CIPP/US, CIPM, AIGP, or equivalent.

  • Hands-on experience managing consumer privacy request operations (opt-outs, deletions, access requests) at scale.

  • Experience building and maintaining data inventories and data flow maps.

  • Working knowledge of U.S. state data privacy laws (CCPA/CPRA and the broader state patchwork), the data broker regulatory landscape, TCPA, and CAN-SPAM.

  • Experience conducting privacy risk assessments, PIAs/DPIAs, and vendor privacy reviews.

  • Experience supporting privacy and/or cybersecurity incident response, including breach notification obligations.

  • Experience drafting and maintaining privacy policies, procedures, and standards.

  • Strong project management skills — able to manage and prioritize multiple concurrent initiatives independently in a fast-moving environment.

  • Excellent written and verbal communication — able to translate dense regulatory language into plain-English guidance for internal teams, clients, and partners.

  • Collaborative and solutions-oriented — you support and coordinate rather than work in isolation, and you bring practical paths forward rather than just flagging problems.

  • Proficiency in common business tools (Excel, PowerPoint) and privacy management or GRC platforms; OneTrust experience a plus.

Preferred:

  • Familiarity with survey research regulations and market research industry standards (ESOMAR, MRA).

  • Experience with AI governance frameworks and privacy considerations for automated decision-making systems.

  • Bachelor's degree in law, information management, business, or a related field.

Why You Should Apply:

  • Join a team driven by curiosity, teamwork, integrity, and a shared passion for solving big challenges.

  • A friendly, welcoming, and supportive culture with regular social and team events.

  • Comprehensive benefits with excellent medical, vision, and dental coverage.

  • Health Savings Account (HSA) and Flexible Spending Account (FSA) options.

  • Employer-paid life insurance and short-term and long-term disability coverage, with other voluntary additional coverage available (accident, critical illness, hospital indemnity).

  • Flexible hybrid work policy.

  • Flexible paid vacation plus 80 hours of paid sick leave.

  • 10 paid company holidays per year.

  • 401(k) plan with 100% match up to 3%, plus 50% match up to 5% (subject to IRS limits).

  • Cell phone reimbursement stipend.

  • Monthly parking or commuter stipend for VA-based employees.