Upbound Group

ABOUT UPBOUND GROUP 

Upbound Group, Inc. (effective February 27, 2023: NASDAQ: UPBD) is an omni-channel platform company committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company’s customer-facing operating units include industry-leading brands such as Rent-A-Center, Acima and Brigit that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company branded retail units across the United States, Mexico and Puerto Rico. Upbound Group, Inc. is headquartered in Plano, Texas.  

JOB PURPOSE 

The Privacy Analyst and Technologist support enterprise data protection and compliance by combining regulatory knowledge, technical acumen, and strong analytic and writing skills. This role plays a critical part in translating complex privacy regulations and technical risks into clear, actionable guidance. The analyst researches evolving privacy and AI legislation, drafts internal summaries and reports for executives, and ensures the organization maintains a defensible privacy posture through effective processes, controls, and documentation. 

KEY RESPONSIBILITIES 

• Assist in implement, privacy processes and technology controls in accordance with frameworks such as CCPA/CPRA, CPA, and other applicable U.S. state privacy laws. 

• Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, vendors, and applications. 

• Collaborate with engineers and system architects to integrate privacy-by-design principles, including data minimization, pseudonymization, and encryption. 

• Monitor data processing activities to ensure compliance with internal policies, data retention requirements, and consent management standards. 

• Manage and support privacy technology solutions, such as consent management, data discovery, and subject rights request platforms (e.g., OneTrust, Securiti.ai, MS Purview). 

• Assist with cybersecurity incident response efforts and breach notification analysis related to personal data. 

• Assist in reviewing, revising, and amending privacy, data protection, and security policies and procedures to reflect new regulations, audit findings, and incident lessons learned. 

• Assit with the deliver privacy training and guidance to cross-functional teams and contribute to security awareness programs. 

• Assit in tracking changes in privacy legislation, AI governance standards, and regulatory guidance to keep internal documentation and risk assessments current. 

• Coordinate with vendors and partners to assess their privacy and security frameworks during due diligence processes. 

• Foster relationships with Privacy stakeholders, Product Managers, and Subject Matter Experts—both business and technical—to define, analyze, prioritize, and refine business  

• Serve as a point of contact for teams when multiple units are assigned to the same project to ensure team actions remain in synergy requirements into an actionable backlog. Establish and manage product roadmaps aligned with the overall vision to guide product development. 

KEY SKILLS 

•  Some understanding of global data privacy laws (especially U.S. state laws, GDPR, and emerging AI/biometric regulations). 

• Technical familiarity with cloud systems (AWS, Azure, APIs, cookies/tracking technologies, and data classification tools. 

• Experience with privacy management solutions (e.g., OneTrust, TrustArc, Securiti, MSPurview) 

• Some knowledge of cybersecurity controls such as encryption, DLP, access management, and incident handling. 

• Strong analytical and investigative skills for breach analysis, data mapping, and risk assessment. 

• Excellent communication skills—able to translate legal and technical requirements for business and executive audiences. 

• Attention to detail with the ability to manage multiple assessments and priorities simultaneously 

• Create and maintain accurate and standardized reporting related to privacy matters. 
  Understand emerging technology trends in the industry and develop strategy based on market trends and customer sentiment. 

JOB REQUIREMENTS 

• Bachelor’s degree in Data Analytics, Business Analytics, Information Technology, Cybersecurity, Law, or a related field  

• Ability to read and comprehend legal materials such as laws, regulations, and regulatory guidance 

• 2+ years of experience in privacy, compliance, or security roles with technical exposure. 

• Self-Starter with ability to manage and prioritize incoming work assignments based on prioritization and potential risk 

• Excellent verbal and written communication skills, with ability to communicate technical concepts to both engineering and non-technical audiences 
  Effective working in a team environment 
  Able to speak up confidently and with authority 
  Able to take feedback and adapt in a fast-paced 

• Understanding of data discovery process, data structure, data governance, and cybersecurity  

Location: This position is an in-office role. It is required to be on-site 5x days per week at our corporate office- Plano.