About Us
Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America, and this is still just the beginning of the purple future we're building.
Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.
Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/
About the role
- As a Digital Affairs & DPO Senior Specialist based in the United States, you will play a senior role in Nubank’s global privacy function, acting as a key point of contact for complex privacy, data protection and AI topics in the US while supporting our global privacy governance program.
- You will bridge high‑level legal strategy and day‑to‑day program execution, combining hands‑on product counseling with ownership of core privacy governance workflows (RoPA, DPIAs/PIAs, DSRs, incident response, third‑party risk, metrics) across multiple jurisdictions.
- Protecting personal data is fundamental to maintaining the fanatical trust our customers place in us. This role ensures that as Nubank expands its footprint and launches data‑intensive products (including in the US), our privacy and AI governance remain compliant, scalable, business‑enabling and deeply embedded into our technology and product lifecycle.
- You will respond to the Global DPO and work closely with Legal, Compliance, IT Security, Data, Risk, and Products teams to identify and close privacy and AI‑related gaps, design pragmatic controls, and translate complex regulatory expectations (e.g., US federal and state privacy laws, LGPD, GDPR) into simple, repeatable mechanisms that enable innovation.
You'll be responsible for:
Product Legal Counseling (Privacy, Data Protection & AI)
- Provide clear, fast and actionable legal guidance to product, engineering, data and business teams on US and global privacy, data protection, AI and cybersecurity questions, with focus on data‑intensive products and internal tools.
- Conduct legal risk assessments for new and existing products, features and AI/ML use cases (including automated decision‑making, profiling, biometrics, fraud/credit models), aligning recommendations with Nubank’s risk appetite and product strategy.
- Draft, review and negotiate privacy‑relevant documentation (e.g., DPAs, data sharing agreements, vendor addenda, privacy and AI notices, in‑product disclosures, terms of service and consent flows), including cross‑border data transfer mechanisms.
- Translate complex and evolving US and international privacy/AI requirements into simple, operational guidance and design patterns for squads, avoiding “legal black boxes” and enabling self‑service where possible.
Privacy Governance & Program Management
- Work closely with the Global DPO to co‑lead the execution of the global privacy governance roadmap, ensuring clear ownership, milestones, and visibility to leadership.
- Own or co‑own key pillars of the Privacy Governance Program as they relate to the US and global scope, including:
  - Record of Processing Activities (RoPA) and personal data mapping;
  - Privacy and data protection risk management and controls;
  - DPIAs/PIAs and other privacy risk assessments at scale;
  - Global data subject rights (DSR) strategy and processes;
  - Training, awareness and privacy metrics.
- Design and implement projects to simplify and automate privacy governance wherever possible (e.g., templates, workflows, playbooks, self‑service tools), balancing regulatory expectations with business velocity.
Data Subject Rights, Transparency & US‑Focused Governance
- Maintain and enhance how Nubank handles data subject rights requests across geographies, with particular focus on US privacy rights (e.g., access, deletion, correction, portability, opt‑out mechanisms, sensitive data rules under state laws).
- Partner with CS/Ops and engineering teams to scale DSR handling, ensuring consistent identity verification, response quality and SLA adherence without increasing operational headcount.
- Support the design and continuous improvement of privacy notices, in‑product privacy UX and choice mechanisms for US users, ensuring alignment with global standards and local requirements.
Third‑Party & Data Sharing Governance
- Assess third parties and new data‑sharing arrangements (including US vendors and cross‑border engagements) from a privacy and AI‑governance perspective, recommending proportionate controls and contractual protections.
- Enhance end‑to‑end third‑party due diligence and oversight flows together with Procurement, Security, Risk and Data, ensuring that privacy controls are embedded in onboarding, monitoring and off‑boarding.
Privacy Incident Response & Regulatory Readiness
- Coordinate and continuously improve the global privacy incident response process, focusing on impact assessments, escalation, remediation and documentation that stand up to regulatory scrutiny in the US and abroad.
- Lead or co‑lead privacy/legal workstreams in complex incidents (including those involving US data subjects or US regulators), advising on notification strategy to individuals, DPAs and other authorities.
- Contribute to regulatory‑readiness initiatives (audits, supervisory processes, evidence frameworks) that demonstrate maturity of Nubank’s privacy and AI governance program.
Digital Public Policy & Institutional Positioning (Privacy, Data & AI)
- Support Digital Affairs and Public Policy teams in monitoring, interpreting and prioritizing US and international privacy, data and AI regulatory developments, connecting them with concrete risks and opportunities for Nubank’s products.
- Help craft clear, well‑reasoned positions for Nubank in consultations, hearings, industry forums and regulatory dialogues, ensuring consistency between our public narrative and our internal governance.
- Identify where product, governance and advocacy work should reinforce each other (e.g., aligning DPIA/AI risk frameworks with emerging US and EU AI rules).
Cross‑Functional Leadership & Ways of Working
- Act as a senior, trusted counterpart for leaders in Product, Tech, Data, Security, Risk, Compliance and Operations on privacy and digital governance topics.
- Mentor and upskill peers and more junior team members (in Digital Legal and DPO) on US privacy/AI topics, complex governance problems and stakeholder management, while operating as an individual contributor (IC).
- Use Nubank’s hybrid work model to collaborate effectively across time zones and locations, making extensive use of asynchronous tools (Docs, Slides, Slack, Jira, Confluence, AI tools).
We are looking for a person who has:
Skills and Knowledge (What)
- Outstanding organizational, communication and relationship‑building skills, with the ability to explain complex legal and governance concepts to non‑lawyers in a clear, actionable way.
- Deep, hands‑on knowledge of US privacy and data protection laws (e.g., CCPA/CPRA, sectoral and state privacy laws), and practical familiarity with international data protection regulation, particularly GDPR.
- Strong understanding of AI, data and cyber topics, including automated decision‑making, profiling, model governance and AI‑driven products, and how they intersect with privacy and consumer protection.
- Proven ability to act as an enabler, not a blocker, designing solutions and trade‑offs that let privacy, AI governance and innovation coexist in practice.
- Solid experience with privacy governance frameworks (e.g., privacy management frameworks, DPIAs/PIAs, RoPA, controls and metrics) and corporate risk management methodologies.
- Comfort operating in a lean, global environment, navigating ambiguity and balancing short‑term risk decisions with long‑term governance maturity.
- Strong experience with productivity and collaboration tools (e.g., Jira, Confluence, Slack, Google Workspace) and openness to using AI tools to enhance efficiency (drafting, analysis, documentation).
- Excellent written and verbal communication skills in English; Portuguese or Spanish is a plus.
Achievements and Experience (What, How, Where)
- 8+ years of post‑qualification experience in privacy, data protection and/or technology law, with a significant portion dedicated to digital products and/or fintech/financial services, or equivalent experience in house or in top law firms / consultancies.
- Demonstrated track record of leading complex privacy and/or AI matters end‑to‑end, such as:
  - Launching or significantly redesigning data‑intensive products under US and international privacy rules;
  - Implementing or maturing a privacy governance or AI governance framework;
  - Leading or advising on complex data or AI incidents and regulatory interactions.
- Experience working closely with engineering and data teams, ideally in a product‑counsel or privacy‑by‑design capacity.
- Experience interfacing with or supporting interactions with regulators, DPAs or supervisory authorities (US or international) is strongly preferred.
- Law degree (JD or equivalent) and active license in at least one US jurisdiction, or equivalent senior in‑house/regulatory experience; relevant privacy certifications (e.g., CIPP/US, CIPP/E, CIPM, EXIN DPO) are a plus.
Our Benefits
- Opportunity to earn equity at Nu
- Medical Insurance
- Dental and Vision Insurance
- Life Insurance and AD&D
- Extended maternity and paternity leaves
- Nucleo - Our learning platform of courses
- NuLanguage - Our language learning program
- NuCare - Our mental health and wellness assistance program
- 401K
- Savings Plans - Health Savings Account and Flexible Spending Account
- Work-from-home Allowance
- Relocation Assistance Package, if applicable.
Work Model for this Role
- Option 1: Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/