Privacy Analyst
Entry
$60K to $85K
Triage incoming privacy requests (DSARs, deletion, opt-out), maintain the
record of processing activities (ROPA), and support privacy impact assessments.
The execution layer underneath the privacy program.
Key Certifications
IAPP CIPP/US
IAPP CIPP/E
CompTIA Security+
Core Skills
GDPR Articles 15-22
CCPA/CPRA
ROPA maintenance
Vendor questionnaires
Plain-language writing
A Day in the Life
Triage 8 new DSARs from the request queue, follow up with engineering
on a delayed deletion, draft the privacy notice update for a new product
feature, sit in on the weekly product privacy review.
Trust & Safety Engineer
Entry
$85K to $130K
Build the tooling that detects, mitigates, and reviews harm on a platform:
abuse classifiers, content moderation pipelines, account integrity systems.
The engineering arm of policy enforcement at internet scale.
Key Certifications
IAPP CIPT
CompTIA Security+
TSPA Foundations (Trust & Safety Pro Assoc.)
Core Skills
Python or Go
ML classifier ops
Policy-to-code translation
Adversarial thinking
Incident handling
A Day in the Life
Tune a CSAM hash-match service, review a false-positive batch from the
spam classifier with the policy team, on-call rotation for a coordinated
inauthentic behavior incident, code review on the appeals pipeline.
Compliance Officer
Mid
$90K to $130K
Own the day-to-day evidence collection, control testing, and audit response
for one or more frameworks (SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP).
The person who makes sure the company can prove what it says it does.
Key Certifications
ISACA CISA
CRCM
ISO 27001 Lead Auditor
CCEP (SCCE)
Core Skills
Control mapping
Evidence collection
Audit coordination
Third-party risk
GRC platforms (Vanta, Drata)
A Day in the Life
Walk through SOC 2 evidence with the external auditor, chase down 3
overdue access reviews, update the controls matrix for a new HIPAA
BAA, review a vendor's penetration test report.
Information Governance Manager
Mid
$110K to $150K
Own enterprise records retention, data classification, and litigation hold
processes. The role that decides what the company keeps, for how long, and
how it gets handed over when regulators or courts ask.
Key Certifications
IGP (ARMA)
CIP (AIIM)
CRM (ICRM)
IAPP CIPM
Core Skills
Records retention schedules
Data classification
eDiscovery (EDRM)
Litigation hold
Cross-functional negotiation
A Day in the Life
Run a retention schedule workshop with HR and Finance, scope a litigation
hold for a new lawsuit, approve a data classification tooling rollout,
meet with the cloud team on archival storage tiering.
AI Ethics Officer (Responsible AI Lead)
Senior
$150K to $220K
Build and enforce the responsible-AI program: bias and fairness testing,
model evaluations, red-team protocols, model cards, and the review gate
before high-risk systems ship. Owns the answer to "should we build this?"
Key Certifications
IAPP AIGP (AI Governance Professional)
IAPP CIPP/US
NIST AI RMF familiarity (no exam)
ISO/IEC 42001 Lead Implementer
Core Skills
NIST AI RMF
EU AI Act
Model evaluation design
Bias auditing
Cross-team governance
Public communication
A Day in the Life
Chair the AI risk review board for a new recommender model, brief
legal on EU AI Act high-risk classification, sign off on a model card,
push back on a launch timeline that skipped fairness testing.
Data Protection Officer (GDPR / CCPA)
Senior
$140K to $200K
Statutory role under GDPR Article 37 for organizations doing large-scale
processing. Reports independently to the highest level of management,
advises on DPIAs, and is the single point of contact for supervisory
authorities (CNIL, ICO, etc.) and data subjects.
Key Certifications
IAPP CIPP/E
IAPP CIPM
IAPP CIPT
ISO 27701 Lead Implementer
Core Skills
GDPR (esp. Articles 35, 37-39)
DPIA leadership
Regulator engagement
Cross-border transfer mechanisms (SCCs, BCRs)
Independence under pressure
A Day in the Life
Sign off on a DPIA for a new biometric onboarding flow, draft a response
to a supervisory authority inquiry, brief the CEO on the 72-hour clock
for a personal data breach, review SCCs for a new US sub-processor.
Privacy Engineer
Mid
$130K to $190K
Engineer privacy into the product: differential privacy budgets, on-device
inference where possible, anonymization pipelines, consent SDKs, deletion
propagation across microservices. Where privacy stops being a policy doc
and becomes code.
Key Certifications
IAPP CIPT
CompTIA Security+
(opt.) AWS / Azure security spec.
Core Skills
Differential privacy
Cryptography fundamentals
Data flow mapping
PETs (Privacy-Enhancing Technologies)
Distributed systems
A Day in the Life
Review a differential privacy epsilon budget for analytics, design the
deletion propagation contract across 4 services, pair with infra on
log-redaction defaults, present a PETs roadmap to the CPO.
Ethics & Compliance Officer
Senior
$160K to $230K
Run the enterprise ethics program: code of conduct, anti-corruption (FCPA,
UK Bribery Act), conflicts of interest, whistleblower intake, investigations.
Sits adjacent to legal but with an independent mandate.
Key Certifications
CCEP / CCEP-I (SCCE)
CFE (Certified Fraud Examiner)
ISACA CISA
Core Skills
Investigations management
FCPA / UK Bribery Act
Whistleblower intake
Training program design
Board reporting
A Day in the Life
Review an internal investigation file with outside counsel, approve the
annual code-of-conduct attestation rollout, brief the audit committee on
hotline volume trends, meet with HR on a conflicts-of-interest case.
Chief Privacy Officer (CPO)
Executive
$220K to $400K+
Executive owner of the privacy program. Sets the privacy strategy, owns the
relationship with regulators, and is the public face of the company's data
posture in earnings calls, congressional hearings, and major incidents.
Key Certifications
IAPP CIPP/US
IAPP CIPP/E
IAPP CIPM
JD often preferred (not required)
Core Skills
Executive communication
Regulator and AG engagement
Crisis response
Board governance
Multi-jurisdictional strategy
A Day in the Life
Brief the board on a multi-state AG inquiry, sign off on the next
privacy-engineering investment, prep CEO talking points for a Senate
Commerce hearing, weekly 1:1 with general counsel.
Corporate Counsel (Privacy / Cyber)
Senior
Legal track
$180K to $300K+
In-house attorney specializing in privacy, cybersecurity, and data law.
Advises product on contracts (DPAs, BAAs, SCCs), drafts privacy notices
that hold up in court, and quarterbacks incident response with outside
counsel.
Different path. The credential here is a JD from an
ABA-accredited law school plus bar admission in at least one state.
Practitioners often add a CIPP/US as the practical industry cert, but the
JD and bar are the gating requirement, not the cert. An LL.M. in
privacy / tech law (e.g., Maurer, Fordham CLIP, Berkeley) signals depth
for senior in-house roles.
Path Credentials
JD (ABA-accredited)
State bar admission
IAPP CIPP/US (practical)
LL.M. in tech / privacy law (optional)
Core Skills
Contract drafting (DPA, BAA, SCC)
State and federal privacy law
Breach notification analysis
Regulator response strategy
Negotiation
A Day in the Life
Negotiate a vendor DPA with a Series B startup, advise product on the
legal exposure of a new ad-targeting feature, draft talking points for
outside counsel on a state AG inquiry, review a forensic IR report
before it goes to insurance.
Public Policy Analyst (Cyber / Tech)
Mid
Policy track
$75K to $140K
Translate technology into legislative and regulatory language for Congress,
federal agencies, think tanks (CSIS, Brookings, ITIF, EFF), or industry
associations. Drafts comments to NIST, NTIA, FTC; briefs staffers; testifies
in committee hearings.
Different path. Bachelor's in public policy, political
science, or a technical field, usually paired with a Master's (MPP, MPA,
or technical-policy hybrid like CMU's MSITM, Georgetown's Tech & Policy,
or Harvard Kennedy School). Hill experience as a Congressional staffer or
agency fellowship is the most reliable on-ramp. Certifications are not the
currency in this field; publications, comments filed, and committee
testimony are.
Path Credentials
MPP / MPA / equivalent
Hill or agency fellowship
Published policy writing
Security clearance (often)
Core Skills
Legislative drafting
Regulatory comment writing
NIST / NTIA / FTC processes
Translating tech for non-tech audiences
Coalition building
A Day in the Life
Draft a comment on a proposed FTC rulemaking, brief a House E&C
staffer on encryption policy, attend a CSIS panel, file a coalition
letter on a state privacy bill, prep testimony for a state legislature
hearing.
Technology Ethicist (Academic / Think Tank)
Senior
Academic track
$95K to $200K
Faculty appointment or fellowship at a research center (Berkman Klein, Data
& Society, Stanford HAI, AI Now, Oxford Internet Institute, Markkula).
Publishes peer-reviewed work, teaches the next generation, and shapes the
long-horizon ethical frameworks the rest of the field cites.
Different path. The credential is a PhD (philosophy, STS,
information science, law, computer science with an ethics focus), typically
followed by a postdoc and tenure-track appointment, or a senior fellowship
at a research institute. Industry certifications are not relevant; what
matters is peer-reviewed publication record, citations, and reputational
standing in the field.
Path Credentials
PhD (Philosophy, STS, Info Sci, CS, or Law)
Postdoctoral fellowship (common)
Peer-reviewed publication record
Conference presence (FAccT, AIES, CHI)
Core Skills
Ethical theory (deontology, consequentialism, virtue)
Empirical research methods
Grant writing
Teaching
Public-facing communication
A Day in the Life
Office hours with PhD students, revise a paper for FAccT, advise a
federal agency working group, write an op-ed on a generative-AI
copyright case, review a grant proposal.