About Clay
Our mission is to help organizations turn any growth idea into reality.
We see growth as a creative practice, not a formula. Finding and reaching your best-fit customers takes unique ideas and constant iteration. As AI makes execution faster and tactics easier to copy, creativity is the only lasting advantage. We're already helping thousands of customers — including Anthropic, Notion, Google, and Ramp — go to market with unique data, signals, and AI research.
In 2025, we raised a $100M Series C backed by world-class investors including Sequoia, CapitalG, and First Round — and crossed $100M in revenue.
In 2026, we announced our second employee tender offer in 9 months at a new $5B valuation. We also launched a community equity round, for our customers, agency partners, and club members.
Some things to know about us:
Our community includes 11,000+ customers, 150+ integration partners, 125+ agencies, 50+ Clay clubs, and 30k members on Slack.
Our cultureis unique inside and outside of work. Our team members are also DJs, activists, writers, clowns, marathoners, skydivers, psychedelic therapists, social workers, and more.
All employees can work for free with world-class coaches who specialize in creativity, management, and more.
Our operating principles — including negative maintenance and non-attached action — guide our work. Read more about them here.
Read about us in the NYT, Forbes, First Round Review, and more.
Hear from our employees directly on our Glassdoor page!
Job Summary
We are seeking a detail-oriented GRC (Governance, Risk, and Compliance) Analyst with a strong emphasis on privacy to join our team. In this role, you will play a critical part in maintaining our compliance posture by handling regulatory data subject requests, understanding and applying relevant privacy frameworks, assisting with customer security inquiries, and managing remediation efforts through our compliance platform. The ideal candidate is proactive, knowledgeable in privacy regulations, and capable of collaborating with cross-functional teams to uphold data security and compliance standards.
Key Responsibilities
Data Subject Request Management: Execute and optimize processes for handling data subject requests, including data deletion, opt-out from data sharing, and access inquiries, ensuring timely and accurate responses in line with legal requirements
Privacy and Compliance Expertise: Stay current with and interpret various privacy and compliance frameworks (e.g., GDPR, CCPA/CPRA, and applicable state laws) to guide company practices and ensure ongoing adherence
Customer Security Support: Assist in responding to security and privacy questionnaires from prospective and existing customers, with a particular focus on privacy, data protection, and compliance-related questions
Compliance Maintenance and Remediation: Monitor and maintain compliance using our platform (Vanta), including uploading evidence of controls, refreshing policies as needed, and escalating technical issues to engineering teams for remediation when flagged
Third-Party Risk Management: Work with our partners and vendors to identify and monitor third-party risk, and guide them to improve over time
Risk Assessment and Reporting: Conduct regular reviews of privacy risks, contribute to internal audits, and prepare reports on compliance status for leadership
Cross-Functional Collaboration: Work closely with legal, engineering, and customer success teams to integrate privacy-by-design principles and resolve compliance gaps efficiently
Qualifications
Bachelor's degree in Information Security, Law, Business, or a related field; relevant certifications (e.g., CIPP, CIPM, or CISSP) are highly preferred
2+ years of experience in GRC, privacy, or compliance roles, ideally in a SaaS or tech environment handling sensitive personal data
2+ years of experience in managing high-volume data subject access requests (DSARs) and opt-out processes under GDPR, CCPA, and similar regulations
Familiarity with compliance tools like Vanta or similar platforms for evidence management and policy updates
Experience responding to customer security questionnaires and vendor risk assessments
Required Skills
Strong understanding of global privacy laws and frameworks, with the ability to apply them practically
Excellent analytical and problem-solving skills, with attention to detail in documenting processes and evidence
Proficiency in escalating technical compliance issues and collaborating with engineering teams
Effective communication skills for interacting with customers, stakeholders, and internal teams
Ability to work independently in a fast-paced environment while prioritizing compliance tasks
Preferred Skills
Knowledge of additional compliance standards (e.g., ISO 27001, SOC 2)
Experience with data mapping, privacy impact assessments (PIAs), or incident response in a privacy context
Technical aptitude for understanding SaaS infrastructure and data flows
