Strava is Swedish for “strive,” which epitomizes our attitude and ambition: We’re a passionate and committed team, unified by our mission to build the most engaged community of athletes in the world. Every day, we’re searching for new ways to inspire athletes and make the sports they love even more fun. But it’s not only about achieving – we’re an inclusive team, dedicated to elevating each other and the members of our community. That balanced approach has helped us revolutionize our industry, and we’re just getting started. Millions of athletes are on Strava, millions more will come. When you’re ready for a challenge and a team that will support you along the way, join us.
About this role:
We are looking for a part-time Data Protection Officer (DPO). The DPO will report to the Legal Department. DPO responsibilities include advising on our compliance with GDPR and local data protection laws, monitoring our adherence to GDPR standards and acting as a point of contact internally and with supervisory authorities and data subjects regarding data protection. As Strava’s DPO, you will be responsible for managing our data protection program and policies as the laws around data protection develop and change, ensuring compliance and delivering GDPR trainings to our staff to increase awareness of data protection measures.
To be successful in this role, you should have knowledge of GDPR and local data protection laws and be familiar with our industry and the nature of its data processing activities. A successful DPO at Strava will facilitate GDPR compliance through transparent data protection policies, systems and procedures. You should also be familiar with performing compliance audits to our current procedures. This is a part-time exempt role based in our Denver, CO office.
- Act as point of contact with EU residents, supervisory authorities, and internal teams
- Evaluate and improve Strava’s data processing activities, including developing appropriate documentation and guides
- Manage Strava’s Data Protection Impact Assessment (DPIA) protocol, together with our product teams
- Monitor data management procedures and compliance
- Ensure privacy by design at all levels of product development, including assistance with engaging in appropriate product review process
- Maintain records of data processing operations
- Ensure queries from data subjects are addressed appropriately and timely
- Liaise with other organizations that process data on our behalf
- Perform routine data protection audits
- Act as internal point of contact regarding potential data breaches, working closely with our product managers and Trust team
- Provide training on GDPR compliance for employees
- Maintain compliance as laws and regulations change
- Bachelor’s degree
- Minimum 3 years in relevant work experience in data protection, regulatory compliance, information systems and technology, internal audit, risk & control, fraud, information security, business contingency, and data protection
- Passion for compliance and data protection
- Solid knowledge of GDPR and national data protection laws
- Knowledge of data processing operations
- Trustworthiness in handling confidential information
- Ethical, with the ability to remain impartial and report every instance of noncompliance
- Organizational skills with attention to detail
- Strong analytical and problem solving skills
- Ability to work effectively with others
Backed by Sequoia Capital, Madrone Partners and Sigma Partners, Strava is expanding in order to exceed the needs of our growing community of global athletes. By joining our team, you will help push Strava forward in fresh, innovative ways. You will engage in interesting and challenging work that will improve the lives of our athletes every day. And in the same way that Strava is deeply committed to unlocking the potential of our athletes, we are dedicated to providing a world-class workplace where our employees can grow and thrive. Join us!
Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.