Join the Nova Group, a fast-growing, innovative logistics and services group expanding into North America! We are opening a new privacy and data protection function to support our business units in the USA and Canada.

We are looking for a Privacy / Data Protection Officer to play a key role in building and operationalizing our privacy programs. This is a full-time, remote position from Ukraine, reporting directly to the Head of Data Protection and collaborating closely with NOVA’s dynamic business teams.

Key Responsibilities

1. Privacy Compliance & Operational Support

• Develop, implement, and maintain privacy and data protection policies, procedures, and standards in line with GDPR, CCPA/CPRA, PIPEDA, and other local regulations.
• Provide day-to-day operational support to business units for compliant processing of personal data.

2. Assessment & Risk Management

• Conduct Data Protection / Privacy Impact Assessments (DPIA/PIA) for new services, products, and processes.
• Identify privacy risks in business processes and propose practical mitigation measures.

3. Incident & Data Subject Request Handling

• Coordinate response to data breaches and incidents in compliance with local laws.
• Manage data subject requests (access, deletion, correction, etc.).

4. Documentation & Communication

• Maintain RoPA, data retention/deletion schedules, DPAs, and internal documentation.
• Deliver clear, structured, and concise guidance to business teams without unnecessary “fluff.”

5. Marketing & Advertising Compliance

• Ensure compliance of marketing communications with US/Canada regulations:
• USA: CAN-SPAM, TCPA, CCPA, behavioral advertising frameworks
• Canada: CASL, PIPEDA, provincial privacy laws
• Control opt-in/opt-out mechanisms for email, SMS, and digital advertising campaigns.

6. Cross-Functional Collaboration

• Work closely with legal, IT, information security, and product teams to implement privacy-by-design in projects and services.
• Conduct internal workshops and training for business teams on privacy requirements.

Requirements

• Bachelor’s degree in Law, IT, Information Security, or related fields.
• 2+ years of experience in privacy / data protection, including US and Canadian local laws.
• Experience developing policies, procedures, and documentation, supporting RoPA and DPAs.
• Knowledge of GDPR, CCPA/CPRA, PIPEDA, CAN-SPAM, TCPA, GLBA, CASL, behavioral advertising frameworks.
• Experience conducting DPIAs, managing risks, and handling incidents and data subject requests.
• Strong communication skills: ability to express ideas clearly, concisely, and practically.
• Ability to work cross-functionally and provide operational guidance to business units.

Preferred

• IAPP certifications (CIPP/US, CIPP/C, CIPM, CIPT).
• Experience implementing ISO 27001 / ISO 27701 standards.
• Experience with international projects and transnational operations.

Languages

• English - professional working proficiency (spoken and written)
• Ukrainian - fluent