Senior Staff Data Security Privacy Engineer

About Coursera

Coursera was founded in 2012 by Stanford professors Andrew Ng and Daphne Koller to make world-class learning accessible to everyone, everywhere. Today, over 190 million learners and 375+ university and industry partners use our platform to gain skills in fields like AI, data science, technology, and business. As a Delaware public benefit corporation and Certified B Corp, we’re driven by the belief that learning can transform lives through learning.

Why Join Us

At Coursera, we’re looking for inventors, innovators, and lifelong learners ready to shape the future of education. You’ll help build global programs and tools that power online learning for millions turning bold ideas into real impact. People who thrive here are customer-first builders who move fast, simplify ruthlessly, and iterate relentlessly on the metrics that matter. 

We’re a globally distributed team and let you choose the best way you work, whether it's from home, a Coursera hub, or a co-working space near you. Our virtual hiring and onboarding make it easy to join us and start making an impact from anywhere. If you’re ready to make a global impact, scale unique products exclusive to Coursera, and expand your career horizons, apply below.

Job Overview:

Sr. Staff Engineer, Data Security and Privacy is responsible for protecting sensitive information from unauthorized access or breaches and ensuring an organization's compliance with data protection laws and regulations. They develop and implement privacy programs, conduct risk assessments, and provide guidance on data security and privacy matters to various departments, ensuring a strong privacy-aware organizational culture.

Responsibilities:

• Develop and Implement Privacy Programs: This includes creating and maintaining policies, procedures, and protocols related to data security and privacy. 


• Data Classification and Handling: Develop and implement data classification policies, procedures, and guidelines for proper handling, storage, and disposal of different information categories.
• Data Identification and Mapping: Create and maintain comprehensive data inventories identifying where sensitive information resides throughout the organization, ensuring appropriate controls and protections are applied.
• Conduct Risk Assessments: Identify, evaluate, and mitigate data security and privacy risks, including potential vulnerabilities and threats.
• Incident Response: Lead and coordinate incident response efforts related to data breaches or security incidents, including reporting, communication, and investigation. Ensure Compliance: Stay informed about and ensure compliance with relevant data protection laws and regulations (e.g., GDPR, CCPA, etc.). 
• Privacy Training: Develop and deliver training programs to educate employees on data security and privacy best practices and responsibilities.
• Collaboration and Communication: Work with various departments, including Legal/Privacy, Engineering, IT, and Sales/Marketing, to integrate privacy into organizational processes. Vendor Management: Oversee and manage vendor data security and privacy practices to ensure they align with organizational policies and legal requirements.
• Contractual Reviews: Review contracts with Enterprise Customers and Partners to assure compliance with data security and privacy requirements.
• Privacy Process Automation: Consult with relevant stakeholders to design and implement automated workflows for privacy and data security operations (e.g., data subject access requests, right to be forgotten requests) to ensure timely and consistent processing.
• Data Loss Prevention: Implement and manage DLP controls across various endpoints and systems to prevent unauthorized disclosure of sensitive information.
• Auditing and Monitoring: Conduct regular audits and monitoring to assess compliance and identify areas for improvement.
• Advise and Consult: Provide guidance and advice to management and other stakeholders on data security and privacy matters.
• Data Protection Impact Assessments (DPIAs): Review and advise on DPIAs to assess the potential impact of data processing activities on privacy rights

Qualifications:

• 10+ years’ of working experience in an Information Security, Privacy and Compliance role and a strong understanding of privacy laws and regulations (e.g., GDPR, CCPA).
• Experience with incident response planning and execution. Industry standard security certification(s) a Plus: CISSP, CISA, CISM, etc.
• Knowledge of data breach notification procedures and knowledge of relevant industry standards and best practices.
• Experience with data classification frameworks and governance programs and experience with data mapping methodologies and data discovery tools and exposure to configuring and managing DLP solutions and familiarity with workflow automation tools and ticketing systems (e.g., Jira, ServiceNow).
  

Nice to haves:

• Ability to analyze and interpret data and identify potential vulnerabilities.
• Excellent communication and interpersonal skills.
• Strong analytical and problem-solving skills.
• Experience with privacy risk assessments and data protection impact assessments (DPIAs)

Compensation 

This role is available in the following US Pay Zones:

Zone 1: $250,200 - $271,320

Zone 2: 220-000 - $259,200

Zone 3: $210,000 - $240,635

Zone 4: $200,000- $224,080

At Coursera, we offer competitive, zone-based pay aligned to your location, experience, and role level across four U.S. pay zones. Our total rewards package goes beyond salary, with comprehensive health and wellness benefits, bonus and RSU equity programs, and global perks designed to help you grow and thrive wherever you are.

US Pay Zones:

• US-Z1: Bay Area
• US-Z2: NYC and Seattle Metro
• US-Z3: CA, WA, NY, NJ, CO, CT, DC, GA, IL, MA, MD, OR, RI, TX, VA
• US-Z4: AK, AZ, DE, FL, HI, ID, IN, IA, KS, KY, MI, MN, MO, MT, NC, NV, NH, OH, OK, PA, SC, TN, UT, VT, WI

Coursera is an Equal Opportunity Employer committed to building a welcoming and inclusive workplace. We consider all qualified applicants without regard to legally protected characteristics and provide reasonable accommodations upon request at accommodations@coursera.org. Learn more in our CCPA Applicant Notice and GDPR Recruitment Notice.