GRC Specialist I

Who we are: 

Want to make an impact? Join our pack and come work (and play!) with us.

We believe everyone deserves the unconditional love of a pet—and at Rover, our mission is to make it easier to experience that love. Founded in 2011, the Rover app and website connect dog and cat parents with loving pet sitters and dog walkers in neighborhoods across the US, Canada, and Europe. We empower our community of trusted pet sitters and dog walkers to run their own pet care businesses on Rover with the tools and security of a global company to back them.

Headquartered in Seattle, Washington, we work closely with our teams in Barcelona, San Antonio, Spokane, and remote locations. We’ve got a reputation for being a great place to work, having been named among the 100 Best Companies to Work For in Seattle Business Magazine and Washington’s Best Workplaces in the Puget Sound Business Journal. We're an agile, fast-growing company, and our leadership comes from some of the world's most respected tech companies. 

At Rover, our furry coworkers are just as important as our human ones—and we wouldn’t have it any other way. Along with making the joys of pet parenthood more accessible, we’re committed to fostering a diverse, inclusive, and welcoming community of pet people—and that starts with our employees.

This role is based in our Barcelona office and is hybrid, one day in office per week (Thursday)

Who We're Looking For:

We are seeking a detail-oriented and proactive GRC Specialist to join our team at Rover. This role will support our efforts to ensure proper data governance, policy development, and regulatory adherence with a specific focus on global privacy regulations, including CCPA, GDPR, and other privacy laws. The ideal candidate will work closely with our legal and cybersecurity to ensure that our GRC practices are robust, effective, and compliant.

• Manage and Respond to Data Subject Requests Escalations (DSRs): Handle customer escalations from CX around requests for data access, rectification, erasure, restriction, portability, and objections to processing, ensuring timely and compliant responses under CCPA, GDPR, and other regulations.
• Assist in Privacy Expertise and Guidance: Offer insights and best practices to internal stakeholders on privacy compliance, supporting a culture of privacy and data protection within the organization and new Rover companies.
• Policy and Procedure Development: Contribute to the development and maintenance of privacy and data governance policies, ensuring they are up-to-date with evolving regulatory requirements.
• Maintain Training Records and Key Learning Indicators: Track key learning indicator measures related to privacy compliance and maintain training records to ensure continuous improvement and awareness among staff.
• Assist in Developing Metrics to Track Success of Program: Specifically, we need someone who can help to develop strong metrics to track and report on the health/success of our privacy programs.  This will be done in conjunction with our Privacy Program Manager to be reported out to our executives on the success or failure of the programs we develop.
• Assist with Record of Data Processing Activities (ROPA): Work with Legal counterparts to develop and maintain the ROPA, ensuring accurate documentation of data processing activities.
• Assist in Configuration and Customize Ketch Platform: Assist in configuration and customization to the Ketch privacy management platform, with Data Security Engineer, to meet the needs of the privacy program, including creating and refining workflows, assessments, and reports.
• Assist in Compliance Monitoring: Monitor and track compliance activities, including the effectiveness of privacy and data security controls, and provide regular reports to management.
• Support Data Privacy Audits: Assist in or conduct data privacy audits to identify and address vulnerabilities in data privacy processes, ensuring alignment with regulatory requirements.
• Governance Activities: Support the GRC team in maintaining records of data processing activities, conducting privacy impact assessments, and ensuring documentation is compliant with CCPA, GDPR, and other relevant regulations.
• Assist in Conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs): Collaborate with Legal and Privacy Program Manager to evaluate and mitigate privacy  risks through PIAs and DPIAs, supporting the privacy program’s risk management efforts.
• Collaborate on Privacy Law Compliance: Partner with Legal and Privacy Program Manager counterparts and to ensure compliance with existing and emerging privacy regulations, providing insights on changes that impact the organization.
• Training and Awareness: Assist in developing training materials and programs to enhance employee awareness regarding privacy practices, data protection requirements, and internal policies.
• Incident Response Support: As necessary, aid in the documentation and investigation of data breaches or other security incidents, ensuring a swift and compliant response in collaboration with the Data Security Engineer and other stakeholders.

• Education: Bachelor’s degree in Information Security, Risk Management, Compliance, Business Administration, or a related field.
• Experience: 0-2 years of experience in governance, risk management, compliance, or a related field, with a focus on privacy regulations (e.g., GDPR, CCPA).
• Knowledge of Privacy Management Platforms: Familiarity with platforms like Ketch or similar tools for managing data subject rights and automating privacy workflows.
• Regulatory Understanding: Strong understanding of global privacy laws and regulations, including GDPR, CCPA, and industry standards for data protection.
• Communication Skills: Excellent written and verbal communication skills, with the ability to clearly present complex privacy concepts to stakeholders at all levels.
• Attention to Detail: Meticulous attention to detail, particularly in documentation, policy development, and audit processes.
• Collaborative Mindset: Ability to work effectively in cross-functional teams, collaborating with legal, cybersecurity, and business units.

• Certifications: Privacy certifications such as CIPP/US, CIPP/E, or CIPM are highly desirable.
• Experience with GRC Tools: Experience with GRC software or platforms for tracking compliance and developing metrics.
• Knowledge of Data Security Practices: Understanding of encryption, data anonymization, and data protection practices to support data privacy initiatives.

• Competitive Compensation: A comprehensive package, including a 401(k), equity, and flexible PTO.
• Professional Development: Opportunities for growth and professional certification support.
• Collaborative Environment: Work in a team-oriented environment where you’ll have the opportunity to engage with multiple departments, including Legal, IT, and Cybersecurity.
• Unique Benefits: From dog-friendly offices to regular team events, Rover offers a fun and inclusive culture that values work-life balance.

Rover is an equal-opportunity employer committed to promoting a diverse, inclusive, and inventive environment with the best employees. We’re driven by seeing our people succeed and grow, and we work to ensure everyone contributes to their fullest potential. We consider all qualified applicants without regard to age, race, color, ancestry, national origin, religion, disability, protected veteran status, sex, gender identity or expression, sexual orientation, or any other protected status in accordance with applicable laws, regulations, and ordinances.