GRC Analyst, Privacy

About Clay

Our mission is to help organizations turn any growth idea into reality.

We see growth as a creative practice, not a formula. Finding and reaching your best-fit customers takes unique ideas and constant iteration. As AI makes execution faster and tactics easier to copy, creativity is the only lasting advantage. We're already helping thousands of customers — including Anthropic, Notion, Google, and Ramp — go to market with unique data, signals, and AI research.

In 2025, we raised a $100M Series C backed by world-class investors including Sequoia, CapitalG, and First Round — and crossed $100M in revenue.

In 2026, we announced our second employee tender offer in 9 months at a new $5B valuation. We also launched a community equity round, for our customers, agency partners, and club members.

Some things to know about us:

• Our community includes 11,000+ customers, 150+ integration partners, 125+ agencies, 50+ Clay clubs, and 30k members on Slack.

• Our culture is unique inside and outside of work. Our team members are also DJs, activists, writers, clowns, marathoners, skydivers, psychedelic therapists, social workers, and more.

• All employees can work for free with world-class coaches who specialize in creativity, management, and more.

• Our operating principles — including negative maintenance and non-attached action — guide our work. Read more about them here.

• Read about us in the NYT, Forbes, First Round Review, and more.

Hear from our employees directly on our Glassdoor page!

Job Summary

We are seeking a detail-oriented GRC (Governance, Risk, and Compliance) Analyst with a strong emphasis on privacy to join our team. In this role, you will play a critical part in maintaining our compliance posture by handling regulatory data subject requests, understanding and applying relevant privacy frameworks, assisting with customer security inquiries, and managing remediation efforts through our compliance platform. The ideal candidate is proactive, knowledgeable in privacy regulations, and capable of collaborating with cross-functional teams to uphold data security and compliance standards.

Key Responsibilities

• Data Subject Request Management: Execute and optimize processes for handling data subject requests, including data deletion, opt-out from data sharing, and access inquiries, ensuring timely and accurate responses in line with legal requirements

• Privacy and Compliance Expertise: Stay current with and interpret various privacy and compliance frameworks (e.g., GDPR, CCPA/CPRA, and applicable state laws) to guide company practices and ensure ongoing adherence

• Customer Security Support: Assist in responding to security and privacy questionnaires from prospective and existing customers, with a particular focus on privacy, data protection, and compliance-related questions

• Compliance Maintenance and Remediation: Monitor and maintain compliance using our platform (Vanta), including uploading evidence of controls, refreshing policies as needed, and escalating technical issues to engineering teams for remediation when flagged

• Third-Party Risk Management: Work with our partners and vendors to identify and monitor third-party risk, and guide them to improve over time

• Risk Assessment and Reporting: Conduct regular reviews of privacy risks, contribute to internal audits, and prepare reports on compliance status for leadership

• Cross-Functional Collaboration: Work closely with legal, engineering, and customer success teams to integrate privacy-by-design principles and resolve compliance gaps efficiently

Qualifications

• Bachelor's degree in Information Security, Law, Business, or a related field; relevant certifications (e.g., CIPP, CIPM, or CISSP) are highly preferred

• 2+ years of experience in GRC, privacy, or compliance roles, ideally in a SaaS or tech environment handling sensitive personal data

• 2+ years of experience in managing high-volume data subject access requests (DSARs) and opt-out processes under GDPR, CCPA, and similar regulations

• Familiarity with compliance tools like Vanta or similar platforms for evidence management and policy updates

• Experience responding to customer security questionnaires and vendor risk assessments

Required Skills

• Strong understanding of global privacy laws and frameworks, with the ability to apply them practically

• Excellent analytical and problem-solving skills, with attention to detail in documenting processes and evidence

• Proficiency in escalating technical compliance issues and collaborating with engineering teams

• Effective communication skills for interacting with customers, stakeholders, and internal teams

• Ability to work independently in a fast-paced environment while prioritizing compliance tasks

Preferred Skills

• Knowledge of additional compliance standards (e.g., ISO 27001, SOC 2)

• Experience with data mapping, privacy impact assessments (PIAs), or incident response in a privacy context

• Technical aptitude for understanding SaaS infrastructure and data flows