Reflection

Legal

DataGovernanceLead

New York, New York, United States FULL TIME

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Senior candidates.

The Brief

“Data Governance Lead at Reflection. Skills: Data governance, Data privacy, DPIAs, GDPR. Produce audit-ready data provenance records. Produce training-data summaries”

What You'll Achieve.

Satisfy auditors; Satisfy enterprise customers; Satisfy regulators; Meet EU AI Act expectations; Meet GDPR expectations; Enable timely responses to data subject requests; Enable accurate responses to data subject requests; Make audits straightforward; Make customer security reviews straightforward; Make audits fast; Make customer security reviews fast; Report residual risk on regular cadence; Help teams make confident decisions; Help teams make compliant decisions

Industry & Context.

Legal

What They're Looking For.

Must Have

5+ years in data governance, 5+ years in data privacy, Meaningful experience at a technology company, Experience handling large-scale datasets, Experience handling sensitive datasets, Hands-on experience conducting DPIAs, Hands-on experience owning DPIAs, Hands-on experience conducting privacy assessments, Hands-on experience owning privacy assessments, Hands-on experience conducting data protection documentation, Hands-on experience owning data protection documentation, Deep working knowledge of GDPR, Deep working knowledge of CCPA/CPRA, Deep working knowledge of EU AI Act, Experience with training data provenance, Experience with dataset licensing, Experience with consent management in ML/AI context, Experience building risk registers, Experience maintaining risk registers, Experience building evidence stores, Experience maintaining evidence stores, Experience building audit documentation, Experience maintaining audit documentation, Demonstrated ability to drive cross-functional alignment, Builder's mindset

Nice to Have

Experience with DPIAs reviewed by external auditors, Experience with DPIAs reviewed by regulators, Experience translating regulatory requirements into policies, Experience translating regulatory requirements into controls, Familiarity with compliance-as-code approaches, Experience with automated data validation gates, Experience with policy-enforcement pipelines, Experience with pre-deployment checks tied to data quality, Experience with pre-deployment checks tied to compliance metadata, Technical fluency with cloud data infrastructure, Technical fluency with data warehouses, Technical fluency with data cataloging tools, Technical fluency with lineage tools, Experience influencing without formal authority, Relevant certifications (CDMP), Relevant certifications (CIPP/E)

What You'll Do.

Produce audit-ready data provenance records

Produce training-data summaries

Document data quality

Own Data Protection Impact Assessments (DPIAs) end-to-end

Drive DPIAs to completion with Legal

Enforce prohibited-source controls

Enforce license controls at data intake

Maintain verified provenance log

Maintain approval log for vendor datasets

Produce lineage reports

Map model outputs to source data

Map model outputs to subject controls

Assemble evidence bundles

Maintain evidence bundles

Log data findings in risk register

Drive remediation with owners

Report residual risk to governance forums

Report residual risk to senior leadership

Partner to establish data ownership structures

Partner to establish access controls

Partner to establish stewardship practices

Champion data literacy culture

Champion responsible data use culture

Build intake checklists

How You'll Work.

Team & Collaboration

Partner with Research; Partner with Engineering; Partner with Legal; Partner with Security; Drive cross-functional alignment

Full Job Description

OUR MISSION Reflection’s mission is to build open superintelligence and make it accessible to all. We’re developing open weight models for individuals, agents, enterprises, and even nation states. Our team of AI researchers and company builders come from DeepMind, OpenAI, Google Brain, Meta, Character.AI, Anthropic and beyond. About this role - Own dataset provenance, training-data summaries, DPIAs, and the privacy and compliance posture of Reflection AI's training and evaluation data — so that every model we ship has auditable, regulator-grade evidence of its data lineage, licensing, privacy posture, and risk mitigations. What You’ll Do - Produce audit-ready data provenance records and training-data summaries for every production model — documenting origin, transformations, labeler provenance, and data quality so we can satisfy auditors, enterprise customers, and regulators on demand. - Own Data Protection Impact Assessments (DPIAs) end-to-end: drive them to completion with Legal, and publish DPIA outputs alongside model documentation to meet EU AI Act and GDPR expectations. - Enforce prohibited-source and license controls at data intake — preventing risky or non-compliant data from ever reaching a training run — and maintain a verified provenance and approval log for all vendor datasets. - Keep the company DSAR-ready by producing lineage reports that map model outputs back to source data and subject controls, enabling timely and accurate responses to data subject requests. - Assemble and maintain defensible evidence bundles — data manifests, DPIAs, consent and license records — into the enterprise evidence store so that audits and customer security reviews are straightforward and fast. - Log data findings in the risk register, drive remediation with the relevant owners, and report residual risk to governance forums and senior leadership on a regular cadence. - Partner with Research, Engineering, Legal, and Security to establish data ownership structures, access co

Free ATS check

Applying for this Data Governance Lead role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 57 detected · ranked by frequency

DPIAs ×6

Privacy posture ×6

GDPR ×5

Data lineage ×4

Data quality ×4

Compliance metadata ×4

Data ownership structures ×4

Access controls ×4

Stewardship practices ×4

Data literacy ×4

Responsible data use ×4

Data governance ×3

Data privacy ×3

Data provenance ×3

Training-data summaries ×3

Licensing ×3

Risk mitigations ×3

Transformations ×3

Labeler provenance ×3

CCPA/CPRA ×3

EU AI Act ×3

Regulatory requirements ×3

Operationalizable policies ×3

Operationalizable controls ×3

ML context ×3

AI context ×3

Model accountability ×3

Compliance ×3

Automated data validation ×3

Policy enforcement ×3

Pre-deployment checks ×3

Data quality metadata ×3

BEHAVIOURAL

Cross-functional alignmentInfluencing without formal authorityBuilder's mindsetPragmatic

Role Details

Experience 5–10 yrs

Level Senior

Type FULL TIME

Category legal

AI-Extracted Insights

Domain Areas

eu-ai-actgdprccpa-cpraml-contextai-context

Certifications

CDMPCIPP/E

How to Apply on Ashby

Ashby is a fast modern ATS — most applications take under 3 minutes.
The resume parser is strong; verify parsed experience dates and job titles.
Custom screening questions are often scored algorithmically — answer completely.
Location field affects geo-based screening; use your actual metro area.

ANONYMOUS · UNFILTERED

What do employees actually say about Reflection?

Real rants from real employees. Read before you apply.

Read Company Rants →