Coursera was launched in 2012 by Andrew Ng and Daphne Koller with a mission to provide universal access to world-class learning. It is now one of the largest online learning platforms in the world, with 183 million registered learners as of June 30, 2025. Coursera partners with over 350 leading university and industry partners to offer a broad catalog of content and credentials, including courses, Specializations, Professional Certificates, and degrees. Coursera’s platform innovations enable instructors to deliver scalable, personalized, and verified learning experiences to their learners. Institutions worldwide rely on Coursera to upskill and reskill their employees, citizens, and students in high-demand fields such as GenAI, data science, technology, and business. Coursera is a Delaware public benefit corporation and a B Corp.
Join us in our mission to create a world where anyone, anywhere can transform their life through access to education. We’re seeking talented individuals who share our passion and drive to revolutionize the way the world learns.

BASIC QUALIFICATIONS:

• 10+ years’ of working experience in an Information Security, Privacy and Compliance role and a strong understanding of privacy laws and regulations (e.g., GDPR, CCPA).
• Experience with incident response planning and execution. Industry standard security certification(s) a Plus: CISSP, CISA, CISM, etc.
• Knowledge of data breach notification procedures and knowledge of relevant industry standards and best practices.Experience with data classification frameworks and governance programs and experience with data mapping methodologies and data discovery tools and exposure to configuring and managing DLP solutions and familiarity with workflow automation tools and ticketing systems (e.g., Jira, ServiceNow).

PREFERRED QUALIFICATIONS:

• Ability to analyze and interpret data and identify potential vulnerabilities.
• Excellent communication and interpersonal skills.
• Strong analytical and problem-solving skills.Experience with privacy risk assessments and data protection impact assessments (DPIAs)

Responsibilities:

• Develop and Implement Privacy Programs: This includes creating and maintaining policies, procedures, and protocols related to data security and privacy.
• Data Classification and Handling: Develop and implement data classification policies, procedures, and guidelines for proper handling, storage, and disposal of different information categories.
• Data Identification and Mapping: Create and maintain comprehensive data inventories identifying where sensitive information resides throughout the organization, ensuring appropriate controls and protections are applied.
• Conduct Risk Assessments: Identify, evaluate, and mitigate data security and privacy risks, including potential vulnerabilities and threats.
• Incident Response: Lead and coordinate incident response efforts related to data breaches or security incidents, including reporting, communication, and investigation. Ensure Compliance: Stay informed about and ensure compliance with relevant data protection laws and regulations (e.g., GDPR, CCPA, etc.).
• Privacy Training: Develop and deliver training programs to educate employees on data security and privacy best practices and responsibilities.
• Collaboration and Communication: Work with various departments, including Legal/Privacy, Engineering, IT, and Sales/Marketing, to integrate privacy into organizational processes. Vendor Management: Oversee and manage vendor data security and privacy practices to ensure they align with organizational policies and legal requirements.
• Contractual Reviews: Review contracts with Enterprise Customers and Partners to assure compliance with data security and privacy requirements.
• Privacy Process Automation: Consult with relevant stakeholders to design and implement automated workflows for privacy and data security operations (e.g., data subject access requests, right to be forgotten requests) to ensure timely and consistent processing.
• Data Loss Prevention: Implement and manage DLP controls across various endpoints and systems to prevent unauthorized disclosure of sensitive information.
• Auditing and Monitoring: Conduct regular audits and monitoring to assess compliance and identify areas for improvement.
• Advise and Consult: Provide guidance and advice to management and other stakeholders on data security and privacy matters.
• Data Protection Impact Assessments (DPIAs): Review and advise on DPIAs to assess the potential impact of data processing activities on privacy right