Chief Data Protection and Privacy Officer

AXIS (AXIS Capital) | Alpharetta, GA
$145,000 - $245,000 | Hybrid

About The Position

The Chief Data Protection and Privacy Officer (CDPPO) serves as the authority for all data privacy and protection matters within AXIS Capital’s global insurance and reinsurance operations. This leadership role is responsible for designing and leading a comprehensive privacy strategy that ensures full compliance with the evolving legal landscapes of the EU (GDPR), the UK (UK GDPR/Data Protection Act), and US federal and state laws. The CDPPO directs the professional privacy team within the Data Protection and Privacy Office and works with other departments, leaders and Privacy Champions to embed privacy protection into our global insurance operations and to lead our response to complex data challenges, including AI governance and cross-border data transfers. The successful candidate will be able to take on the challenge of coordinating and driving others to think about, engage in and ensure compliance.

Requirements

  • 7-10 years of experience in data privacy, legal, or compliance, with management experience a plus.
  • Deep, verifiable knowledge of EU GDPR, UK GDPR, and US privacy laws (e.g., CCPA, HIPAA).
  • Experience in the highly regulated insurance or financial services sector is strongly preferred.
  • Bachelor’s degree in business, accounting, finance operations, risk management or other related field.
  • Juris Doctor (JD) or Master’s degree with a postgraduate focus on Privacy or Data Protection is highly preferred.
  • Familiarity with AI governance frameworks (e.g., EU AI Act).
  • Strong analytical skills, with ability to quickly assess key elements of legal and regulatory risk, coupled with good technical drafting and negotiation skills.
  • Strong interpersonal, written, and oral communication skills with ability to translate technical concepts to a non-technical audience, gain confidence of business colleagues and perform as an effective team player.

Nice To Haves

  • IAPP certifications: CIPP/E (Europe), CIPP/US (United States), and CIPM (Management) preferred.

Responsibilities

  • Establish, drive implementation of, and maintain a global privacy compliance framework that aligns with diverse international regulations while supporting business growth and innovation.
  • Monitor and ensure adherence to the GDPR (EU), UK GDPR, and major US laws. Act as the primary liaison with global supervisory authorities and data protection regulators.
  • Oversee the execution of Data Protection Impact Assessments (DPIAs), Record of Processing Activities (ROPA) and Privacy Impact Assessments (PIAs), among other risk management activities. Align and collaborate with Enterprise Risk Management to identify and mitigate privacy risks related to the business of AXIS.
  • Provide guidance on, and be an integral collaborator in, the introduction and embedding of AI governance into the workspace.
  • Engage with other key stakeholders to respond to data privacy breaches, including determination of notification requirements across multiple jurisdictions as applicable.
  • Partner with the CISO to align privacy and security programs and work with product teams to integrate ‘privacy by design’ into the entire insurance lifecycle.
  • Affirmatively foster a "culture of privacy" through organization-wide training and represent the company’s privacy interests in industry and legislative forums. The role should also include third-party data processing management, international data transfers, etc. (legal and contractual management tasks).

Benefits

  • medical plans for you and your family
  • health and wellness programs
  • retirement plans
  • tuition reimbursement
  • paid vacation