Senior Staff Data Security Privacy Engineer

About Coursera

Coursera was founded in 2012 by Stanford professors Andrew Ng and Daphne Koller to make world-class learning accessible to everyone, everywhere. Today, over 190 million learners and 375+ university and industry partners use our platform to gain skills in fields like AI, data science, technology, and business. As a Delaware public benefit corporation and Certified B Corp, we’re driven by the belief that learning can transform lives through learning.

Why Join Us

At Coursera, we’re looking for inventors, innovators, and lifelong learners ready to shape the future of education. You’ll help build global programs and tools that power online learning for millions turning bold ideas into real impact. People who thrive here are customer-first builders who move fast, simplify ruthlessly, and iterate relentlessly on the metrics that matter. 

We’re a globally distributed team and let you choose the best way you work, whether it's from home, a Coursera hub, or a co-working space near you. Our virtual hiring and onboarding make it easy to join us and start making an impact from anywhere. If you’re ready to make a global impact, scale unique products exclusive to Coursera, and expand your career horizons, apply below.

Job Overview:

As a Sr. Staff Engineer, Data Security and Privacy, you will play a critical role in designing, building, and scaling the systems, processes, and controls that protect the company and our users’ data and ensure trust in our products. Working as part of the Information Security team, you will partner closely with Engineering,  Legal, and cross-functional stakeholders to embed privacy-by-design principles into our infrastructure and translate regulatory requirements into scalable technical solutions.

This is a hands-on role for a senior individual contributor who thrives at the intersection of security, privacy, and data infrastructure. You will shape how we discover, classify, and protect information, lead privacy risk mitigation efforts, and help evolve our data security capabilities as the company grows.

Responsibilities:

Privacy by Design and Technical Enablement

• Partner with Engineering, Legal, Product, IT, and other cross-functional stakeholders (Stakeholders) to design and embed privacy and data protection principles across the entire organization, from product development to operations.
• Partner with Stakeholders to translate legal and regulatory obligations into actionable technical requirements, policies, and controls.
• Develop privacy-enhancing capabilities such as data minimisation, anonymisation, and access-control frameworks that scale with our infrastructure.

Data Discovery, Classification, and Mapping

• Design and implement data classification and handling frameworks to provide appropriate protection throughout the data lifecycle.
• Build and maintain comprehensive data inventories and data flow maps, identifying where data resides and how it is processed across systems.
• Collaborate with Engineering teams to apply appropriate controls at every point in the data pipeline.

Risk Assessment, Monitoring, and Compliance Execution

• Conduct technical risk assessments of internal and third party systems and applications to identify, evaluate, and mitigate privacy and data security risks, including vulnerabilities, misuse, and compliance gaps.
• Contribute to Data Protection Impact Assessments (DPIAs) by assessing the technical and security implications of new processing activities.
• Partner with Legal to transform evolving regulatory frameworks (e.g., GDPR, CCPA, NIST, ISO) into secure, scalable engineering solutions that drive compliance and build user trust.

Incident Response and Breach Management

• Lead and coordinate the company’s technical response to data breaches or security incidents, including those impacting personal information (Incidents), enabling timely investigation, effective mitigation, and root-cause analysis.
• Design and implement processes and tooling to detect, investigate, and remediate, Incidents in compliance with applicable laws.

Privacy Automation and Process Enablement

• Partner with Stakeholders to design and implement automated workflows and tools to streamline privacy operations, including data subject rights requests and data deletion workflows.
• Deploy and manage data loss prevention (DLP) capabilities across endpoints, applications, and infrastructure to prevent unauthorised disclosure of sensitive data.
• Implement continuous auditing, monitoring, and alerting to track compliance posture and surface security and operational privacy risks proactively.

Cross-Functional Collaboration and Enablement

• Act as a trusted advisor to Stakeholders on the technical implementation of privacy and security controls.
• Provide strategic input on product design decisions and architectural choices to enable alignment with privacy and security best practices.
• Partner with cross functional teams to develop and execute  vendor risk assessments, establishing processes that address technical, security and privacy requirements across the entire vendor lifecycle.

Additional Responsibilities

• Collaborate with Legal on technical aspects of contractual reviews with enterprise customers,partners, vendors, and other third parties.
• Contribute to the development of internal policies, standards, and procedures based on technical best practices.

Skills and Qualifications

• 10+ years of hands-on experience in information security, privacy engineering, or related roles.
• Strong understanding of global data protection laws and regulations (e.g. GDPR, CCPA) and their technical implications.
• Proven experience in incident response, data protection engineering, and risk assessments.
• Familiarity with data classification, mapping, and governance methodologies.
• Experience with DLP technologies and implementing privacy workflows and automation.
• Familiarity with workflow automation tools and ticketing systems (e.g. Jira, ServiceNow).
• Experience in using third party privacy automation tooling is a plus.
• Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams.
• Industry certifications (e.g. CISSP, CISA, CISM) are a plus.

Compensation 

This role is available in the following US Pay Zones:

Zone 1: $250,200 - $271,320

Zone 2: 220-000 - $259,200

Zone 3: $210,000 - $240,635

Zone 4: $200,000- $224,080

At Coursera, we offer competitive, zone-based pay aligned to your location, experience, and role level across four U.S. pay zones. Our total rewards package goes beyond salary, with comprehensive health and wellness benefits, bonus and RSU equity programs, and global perks designed to help you grow and thrive wherever you are.

US Pay Zones:

• US-Z1: Bay Area
• US-Z2: NYC and Seattle Metro
• US-Z3: CA, WA, NY, NJ, CO, CT, DC, GA, IL, MA, MD, OR, RI, TX, VA
• US-Z4: AK, AZ, DE, FL, HI, ID, IN, IA, KS, KY, MI, MN, MO, MT, NC, NV, NH, OH, OK, PA, SC, TN, UT, VT, WI

Coursera is an Equal Opportunity Employer committed to building a welcoming and inclusive workplace. We consider all qualified applicants without regard to legally protected characteristics and provide reasonable accommodations upon request at accommodations@coursera.org. Learn more in our CCPA Applicant Notice and GDPR Recruitment Notice.