Data Privacy

Role description

We are seeking a self-motivated compliance and data privacy analyst to support National Pen's compliance and data privacy program. We are looking for an individual familiar with SOX ITGC compliance and with major data privacy laws to include GDPR and CCPA/CPRA, possessing good experience in these areas.

About Cimpress:

Led by founder and CEO Robert Keane, Cimpress invests in and helps build customer-focused, entrepreneurial mass customization businesses. Through the personalized physical (and digital) products these companies create,we empower over 17 million global customers to make an impression. Last year, Cimpress generated $3.5B in revenue through customized print products, signage, apparel, packaging and more. The Cimpress family includes a dynamic, international group of businesses and central teams, all working to solve problems, build businesses, innovate and improve.

Business Unit: National Pen

As a National Pen brand, provides custom marketing solutions to 22 countries worldwide, fostering global connections between businesses and their customers. We specialize in personalized promotional products, including writing instruments, stationery, drinkware, bags, gifts, and trade show accessories. Our operations are supported by a network of 9 facilities across North America, Europe, Africa, and India. This global presence underscores our commitment to the timely delivery of our products and services to customers across the markets we serve.

About the Role:

Primary Responsibilities:

• Supporting the Data Privacy and Compliance lead and Manager with compliance and privacy initiatives aligned to SOX-ITGC, GDPR, and CCPA/CPRA.

• Reviewing quarterly SOX user testing / access review submissions to ensure accuracy and completeness of data, as well as appropriate formatting per known SOPs and guidelines.

• Helping in vendor & 3rd party risk assessment.

• Reviewing vendor contracts, MSA, SOC2 type 2 report and ISO certification validation etc.

• ROPA: Record or processing activities assessment

• Supporting technical implementation of data privacy initiatives to include website cookie preference banners, Global Privacy Control (GPC) sensing and data tagging, and customer opt-out from 3rd party data sales and sharing. This involves close coordination with Nationa Pen's technical product teams.

Preferred Experience and Skills:

• 2+ years of experience in a compliance and/or data privacy analyst role, focusing on SOX – ITGC and/or GDPR/CCPA/CPRA.
• Data protection impact assessment
• ROPA: Record or processing activities assessment
• Vendor and third-party risk assessment
• Information Technology background, with an understanding of common networking, encryption, computing, and communication technologies at a technical level.

Preferred Attributes and Qualifications:

• Ability to excel in a dynamic environment with rapidly changing priorities.

• Discretion with respect to best practices in information security.

• Discretion in communication with respect to audience and nature of information communicated.

• CIPT, CIPP (US/E) or (EU), ISO/IEC 27001 Lead Auditor (LA) , PCI-DSS v4.0 Compliance any of these certifications are preferred

• NIST Cybersecurity Framework (CSF) Familiarity

What You'll Gain – Privacy & Compliance Analyst

• Hands-on experience with enterprise-grade privacy frameworks, compliance tools, and regulatory workflows.
• Mentorship from privacy and compliance leads.
• Exposure to real-world scenarios involving GDPR, CCPA/CPRA, and data protection impact assessments SOX-ITGC controls.
• A clear growth path toward roles such as Privacy & Compliance Lead.

Remote First-Culture:

In 2020, Cimpress adopted a Remote-First operating model and culture. We heard from our team members that having the freedom, autonomy and trust in each other to work from home and, the ability to operate when they are most productive, empowers everyone to be their best and most brilliant self. Cimpress also provides collaboration spaces for team members to work physically together when it's safe to do so or believe in office working will deliver the best results. Currently we are enabled to hire remote team members in over 20 US States as well as several countries in Europe: Spain, Germany, UK, Czech Republic, the Netherlands and Switzerland.

Skills

• Supporting the Data Privacy and Compliance lead and Manager with compliance and privacy initiatives aligned to SOX-ITGC, GDPR, and CCPA/CPRA.
• SOX user testing
• Helping in vendor & 3rd party risk assessment.
• Reviewing vendor contracts, MSA, SOC2 type 2 report and ISO certification validation etc.
• Data protection impact assessment
• NIST Cybersecurity Framework (CSF) Familiarity

About Cimpress

Founded in 1994, Cimpress (Computer Integrated Manufacturing Press) empowers individuals and businesses worldwide to make their mark through customized, high-quality products. With a $5 billion market cap and a presence in 24 countries, Cimpress is a market leader in mass customization—offering a wide range of personalized items, including print, signage, apparel, and packaging. Cimpress India (CI) supports Cimpress businesses by providing top-tier talent and operational solutions, advancing its mission to deliver value through personalization. Operating as a "talent container" model, CI simplifies hiring, payroll, HR, and logistics, allowing businesses to focus on their ambitious goals. Currently, Cimpress India hosts over 2,400 team members across 14 Cimpress brands, with key hubs in Ahmedabad, Bengaluru, and Mumbai. Our teams play a vital role in Cimpress's commitment to mass customization and innovation, making custom products accessible and impactful.