Data Governance Lead

Reflection AI, Inc

$120K — $180K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in data governance or privacy at a tech company handling sensitive datasets.
  • Proven experience with Data Protection Impact Assessments (DPIAs) and privacy assessments.
  • Strong understanding of GDPR, CCPA/CPRA, and EU AI Act regulations.
  • Expertise in dataset licensing and training data provenance in ML/AI contexts.
  • Experience with compliance-as-code practices and automated data validation.
  • Technical fluency with cloud platforms (AWS, GCP, Azure) and data storage solutions (BigQuery, Snowflake).
  • Ability to drive cross-functional collaboration and influence stakeholders without authority.

Responsibilities

  • Create and maintain audit-ready records of data provenance and training data summaries for models.
  • Manage the end-to-end process of conducting DPIAs, ensuring compliance with regulations.
  • Enforce data intake controls to prevent non-compliant data usage in training.
  • Produce lineage reports to support data subject access requests and privacy obligations.
  • Compile evidence bundles for audits and customer security reviews.
  • Document and track data findings, remediation efforts, and residual risks.
  • Collaborate with various teams to establish data governance and stewardship practices.

Benefits

  • Top-tier compensation including salary and equity.
  • Comprehensive health, dental, vision, life, and disability insurance.
  • Fully paid parental leave for new parents and support for family planning.
  • Flexible paid time off and relocation support.
  • Daily lunches and regular team events to foster connections.

Full Job Description

About this role
  • Own dataset provenance, training-data summaries, DPIAs, and the privacy and compliance posture of Reflection AI's training and evaluation data - so that every model we ship has auditable, regulator-grade evidence of its data lineage, licensing, privacy posture, and risk mitigations.


What You'll Do
  • Produce audit-ready data provenance records and training-data summaries for every production model - documenting origin, transformations, labeler provenance, and data quality so we can satisfy auditors, enterprise customers, and regulators on demand.
  • Own Data Protection Impact Assessments (DPIAs) end-to-end: drive them to completion with Legal, and publish DPIA outputs alongside model documentation to meet EU AI Act and GDPR expectations.
  • Enforce prohibited-source and license controls at data intake - preventing risky or non-compliant data from ever reaching a training run - and maintain a verified provenance and approval log for all vendor datasets.
  • Keep the company DSAR-ready by producing lineage reports that map model outputs back to source data and subject controls, enabling timely and accurate responses to data subject requests.
  • Assemble and maintain defensible evidence bundles - data manifests, DPIAs, consent and license records - into the enterprise evidence store so that audits and customer security reviews are straightforward and fast.
  • Log data findings in the risk register, drive remediation with the relevant owners, and report residual risk to governance forums and senior leadership on a regular cadence.
  • Partner with Research, Engineering, Legal, and Security to establish data ownership structures, access controls, and stewardship practices across all training, evaluation, and internal data assets.
  • Champion a culture of data literacy and responsible data use - building runbooks, intake checklists, and guidelines that help teams make confident, compliant decisions without bottlenecking on you.


What We're Looking For:
  • 5+ years in data governance, data privacy, or a closely related discipline - with meaningful experience at a technology company handling large-scale or sensitive datasets.
  • Hands-on experience conducting and owning DPIAs, privacy assessments, and data protection documentation - ideally in a context where these were reviewed by external auditors or regulators.
  • Deep working knowledge of GDPR, CCPA/CPRA, and the EU AI Act - and the ability to translate regulatory requirements into concrete, operationalizable policies and controls.
  • Experience with training data provenance, dataset licensing, and consent management in an ML or AI context - you understand why labeler provenance and data lineage matter for model accountability, not just compliance.
  • Familiarity with compliance-as-code approaches: you've worked with or built automated data validation gates, policy-enforcement pipelines, or pre-deployment checks tied to data quality and compliance metadata.
  • Technical fluency with cloud data infrastructure (AWS, GCP, or Azure), data warehouses (BigQuery, Snowflake), and data cataloging or lineage tools - enough to design controls and engage credibly with engineering teams.
  • Experience building and maintaining risk registers, evidence stores, and audit documentation - you know what "regulator-grade" evidence looks like in practice.
  • Demonstrated ability to drive cross-functional alignment across Legal, Security, Research, and Engineering, including influencing without formal authority in a fast-moving environment.
  • A builder's mindset: you're energized by 0-to-1 work, comfortable creating structure where little exists, and pragmatic enough to ship imperfect-but-useful processes on the way to ideal ones.
  • Relevant certifications (CDMP, CIPP/E, or similar) are a plus - but track record and demonstrated impact matter more than credentials.
What We Offer:

We believe that to build superintelligence that is truly open, you need to start at the foundation. Joining Reflection means building from the ground up as part of a small talent-dense team. You will help define our future as a company, and help define the frontier of open foundational models.

We want you to do the most impactful work of your career with the confidence that you and the people you care about most are supported.
  • Top-tier compensation: Salary and equity structured to recognize and retain the best talent globally.
  • Health & wellness: Comprehensive medical, dental, vision, life, and disability insurance.
  • Life & family: Fully paid parental leave for all new parents, including adoptive and surrogate journeys. Financial support for family planning.
  • Benefits & balance: paid time off when you need it, relocation support, and more perks that optimize your time.
  • Opportunities to connect with teammates: lunch and dinner are provided daily. We have regular off-sites and team celebrations.
