Digital Affairs & DPO Senior Specialist
Job description
About Nu
Nu is the leading digital bank in Latin America, serving 135 million customers across Brazil, Mexico, and Colombia. The company has been leading an industry transformation by leveraging data and proprietary technology to develop innovative products and services.
Guided by its mission to fight complexity and empower people, Nu caters to customers’ complete financial journey, promoting financial access and advancement with responsible lending and transparency. The company is powered by an efficient and scalable business model that combines low cost to serve with growing returns.
Nu’s impact has been recognized in multiple awards, including Time 100 Most Influential Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Banks.
Visit our institutional page: https://www.nu.com/2026-en
About Us
Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.
Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.
Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/
About the role
As a Digital Affairs & DPO Senior Specialist based in the United States, you will play a senior role in Nubank’s global privacy function, acting as a key point of contact for complex privacy, data protection and AI topics in the US while supporting our global privacy governance program.
You will bridge high‑level legal strategy and day‑to‑day program execution, combining hands‑on product counseling with ownership of core privacy governance workflows (RoPA, DPIAs/PIAs, DSRs, incident response, third‑party risk, metrics) across multiple jurisdictions.
Protecting personal data is fundamental to maintaining the fanatical trust our customers place in us. This role ensures that as Nubank expands its footprint and launches data‑intensive products (including in the US), our privacy and AI governance remain compliant, scalable, business‑enabling and deeply embedded into our technology and product lifecycle.
You will respond to the Global DPO and work closely with Legal, Compliance, IT Security, Data, Risk, and Products teams to identify and close privacy and AI‑related gaps, design pragmatic controls, and translate complex regulatory expectations (e.g., US federal and state privacy laws, LGPD, GDPR) into simple, repeatable mechanisms that enable innovation.
You'll be responsible for:
Product Legal Counseling (Privacy, Data Protection & AI)
Provide clear, fast and actionable legal guidance to product, engineering, data and business teams on US and global privacy, data protection, AI and cybersecurity questions, with focus on data‑intensive products and internal tools.
Conduct legal risk assessments for new and existing products, features and AI/ML use cases (including automated decision‑making, profiling, biometrics, fraud/credit models), aligning recommendations with Nubank’s risk appetite and product strategy.
Draft, review and negotiate privacy‑relevant documentation (e.g., DPAs, data sharing agreements, vendor addenda, privacy and AI notices, in‑product disclosures, terms of service and consent flows), including cross‑border data transfer mechanisms.
Translate complex and evolving US and international privacy/AI requirements into simple, operational guidance and design patterns for squads, avoiding “legal black boxes” and enabling self‑service where possible.
Privacy Governance & Program Management
Work closely with the Global DPO to co‑lead the execution of the global privacy governance roadmap, ensuring clear ownership, milestones, and visibility to leadership.
Own or co‑own key pillars of the Privacy Governance Program as they relate to the US and global scope, including:
Record of Processing Activities (RoPA) and personal data mapping;
Privacy and data protection risk management and controls;
DPIAs/PIAs and other privacy risk assessments at scale;
Global data