Mosaic Group is a mobile app developer with an award-winning portfolio of brands and products—including iTranslate, RoboKiller, and Daily Burn. We build and acquire best-in-class mobile applications, providing creators with a platform to reach global audiences along with the inspiration, support, and resources to innovate new products. Owned and operated by IAC (NASDAQ: IAC), Mosaic Group is a global company headquartered in New York City with offices across the US as well as Austria, Belarus, China, and Ireland. Learn more at


This is an excellent opportunity for a Data Privacy Analyst/ Data Privacy Compliance Manager to join our rapidly growing team, and to support our company in the ongoing enhancement and day-to-day management of our privacy compliance program. The Data Privacy Analyst / Data Privacy Compliance Manager reports to Privacy Counsel and is expected to work across multiple business functional teams, liaising with Legal, Compliance and Information Security.

The role ensures successful and consistent delivery of privacy compliance program activities, policies, and procedures, facilitates privacy-compliant business decision making, and serves to advise and give guidance to the business on how to align with various privacy and data protection requirements. Particular focus areas will include supporting Privacy Counsel, Legal Compliance, and Information Security colleagues with third party risk management (including due diligence of prospective service providers, vendors, etc.), responding to client requests for information regarding our own privacy and security processes, and supporting the legal team in the performance of data privacy impact assessments to help our growing and evolving business identify and mitigate privacy and security risks as they emerge.

To be successful in this role, you will have proven ability and at least 3 years’ experience in promoting awareness, understanding, and practical application of privacy and data protection principles and best practices across organizations, enabling them to align their operations with the requirements of global privacy laws and regulations, such as the EU General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA).

You will have an in-depth knowledge of these regulations, industry standards, and compliance-related frameworks. Familiarity with the technology industry, mobile applications and the nature of their data processing activities would be a significant plus, as would experience with implementing or managing privacy compliance programs or key domains within them. Experience with contract and data processing addendum reviews, Information Security controls testing or IT audit, and communication of policies and procedures would all also be helpful to the successful candidate.

Duties and Responsibilities

  • Support Privacy Counsel in continual identification, documentation, and evaluation of the company’s data processing activities and data flows.
  • Maintaining and updating Privacy Policies and Cookie Policies for the organisation’s various products and applications.
  • Assist with the documentation of the organisation’s Records of Processing (GDPR Article 30), identifying areas of risk or non-compliance and supporting in mitigation and/or remediation.
  • Conduct formally documented Data Protection Impact Assessments (DPIAs) in collaboration with Privacy Counsel and business stakeholders, to help manage risks introduced by evolving business activities processing sensitive personal information.
  • Assist with the onboarding assessment of new vendors from a privacy and security perspective.
  • Identify new and existing vendors requiring privacy agreements and track the completion and implementation status of data processing agreements and transfer agreements with those vendors.
  • Support Privacy Counsel, Legal, Compliance, and Information Security in performing due diligence and contracting with new third parties. This will involve assessing privacy and information security controls and standards, reviewing and recommending privacy and data protection contractual requirements, and coordinating across the business to communicate and remediate risks associated with new third party relationships.
  • Support in management of Data Subject Request program, helping Privacy Counsel in responding to privacy requests made by data subjects wishing to exercise their rights (for example under GDPR and CCPA/CPRA).
  • Act as point of contact with internal teams to promote awareness and understanding of privacy regulatory requirements, as well as company policies and procedures.
  • Support Privacy Counsel in identifying business processes or aspects of the privacy compliance program that will require the drafting, updating, and communicating of new or enhanced privacy and data protection policies. This will serve to strengthen the privacy compliance program, and extend its reach within our business.
  • Offer support to Privacy Counsel and Information Security teams in responding to incidents or suspected privacy breaches.
  • Support in the ongoing delivery of training on GDPR, CCPA, CPRA, VCDPA and other emerging privacy laws for employees.
  • Support Privacy Counsel in further developing our Privacy and Security Rules compliance program.
  • Other duties as assigned by Legal or Information Security.


  • Minimum 3 years of experience in data privacy program management and legal compliance.
  • Experience in third party risk management.
  • Excellent communication (verbal and written), facilitation, and interpersonal skills, including the ability to face off across all levels of an organizations.
  • Experience in performing data protection impact assessments, or similar privacy risk analysis.
  • Solid knowledge of/experience with global privacy regulations and how they apply to data processing operations in the medical device or healthcare sector.
  • Familiarity with computer security systems/critical security controls and related industry standards for privacy and security.
  • Demonstrated ability to build relationships, establish trust, and form effective alliances across teams and functions to ensure optimal end-to-end delivery.
  • Ethical, with the ability to remain tactful, impartial and escalate all instances of noncompliance through established reporting channels.
  • Demonstrated commitment to high quality and attention to detail

Additional Skills/Certifications (preferred)

  • Privacy certifications such as CIPP/US, CIPP/E, CIPM, CIPT, or FIP.
  • Paralegal or other experience working within a Legal department (e.g. contract review).
  • Experience with OneTrust Tool or prior data privacy-related consulting experience.
  • Security or IT Audit certifications such as CISSP, CIPM, CISA, or CRISC.

*We embrace diversity and strive to create an inclusive and equitable environment for all.


Apply for this Job

* Required

When autocomplete results are available use up and down arrows to review
+ Add Another Education

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Mosaic Group are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.