Director Cybersecurity, Data Privacy, & Compliance

About The Position

Requirements

• 4-year degree in Computer Science, Systems Engineering, Information Technology, Management Information Systems, or a related discipline, or an additional 2+ years of training/experience in lieu of degree
• 8+ years of experience in information security, data privacy, data governance, or a related field
• 4+ years in a leadership role
• 2+ years of experience developing and implementing data governance frameworks, policies, and standards.
• 2+ years of experience with data governance tools and platforms (e.g., data catalogs, metadata management, DLP solutions)
• 2+ years of experience with privacy management platforms and DSAR automation tools
• Deep technical expertise in technology infrastructure, networking, cybersecurity, cloud computing, and enterprise systems architecture is a must
• Demonstrated knowledge of data privacy regulations (e.g., CCPA/CPRA, state privacy laws, GDPR) and experience building or managing a privacy compliance program is also required
• Ability to work well under pressure, prioritize projects, meet deadlines, and maintain flexibility
• High level of integrity and ethics, able to handle sensitive and/or proprietary information with discretion and confidentiality
• Self-starter must have a positive attitude and strong desire for success
• Strong attention to detail, organization, and time management skills
• Ability to translate complex regulatory and technical requirements into actionable business policies and procedures
• Strong knowledge of privacy laws, data protection regulations, and compliance frameworks (NIST, ISO 27001, PCI DSS, SOC 2)
• Proven leadership and managerial skills, with the ability to inspire, motivate, and develop high-performing teams.
• Excellent oral and written communication skills, with the ability to present to executive leadership, regulators, and cross-functional teams
• Strong analytical and problem-solving abilities, with a focus on driving continuous improvement and innovation in technology systems and processes.
• Ability to work with individuals and teams at all levels in the organization
• Strong stakeholder management skills with the ability to influence without direct authority across business units
• Exemplifies Breeze's safety culture, values, and mission

Nice To Haves

• Industry certification in security (e.g., CISSP, CISM, CISA, and/or GIAC)
• Industry certification in privacy (e.g., CIPP/US, CIPP/E, CIPM, CIPT)
• Familiarity with aviation industry regulatory requirements (DOT, TSA, FAA) as they relate to data and technology
• Experience developing AI/ML governance frameworks or responsible AI policies
• Experience in a regulated industry (aviation, financial services, healthcare, etc.)

Responsibilities

• Set the strategy for new technologies and information security products that will support information security requirements for the company and its customers, business partners, and vendors.
• Establish the strategy to mitigate information security risks within the organization.
• Collaborate closely with senior-level technology leaders to develop and plan the information security architecture strategy.
• Lead ongoing threat and vulnerability assessments and substantive testing of information security controls.
• Work closely with other teams, including network engineers, data engineers, software engineers, and business teams to achieve common goals.
• Serve as the escalation point and information security expert for solution designs and technical consulting services.
• Direct complex information security principles and requirements into business initiatives that securely drive innovation, improve customer experience, and control costs
• Oversee and perform technology security risk assessments
• Perform due diligence reviews and manage the remediation efforts of SOC 1/SOC 2 reports, penetration tests, and PCI audits.
• Develop, implement, and maintain the enterprise data privacy program, including privacy policies, standards, and procedures aligned with applicable laws and regulations (CCPA/CPRA, state privacy laws, GDPR where applicable, and emerging federal privacy legislation)
• Guide to the Data Subject Access Request (DSAR) and individual rights management process.
• Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, applications, vendor engagements, and business initiatives
• Champion privacy-by-design and privacy-by-default principles across technology, business partners and business projects.
• Direct the organization's data breach notification and incident response process in coordination with Legal, Communications, and executive leadership, ensuring compliance with all applicable breach notification requirements.
• Manage and deliver enterprise-wide privacy awareness training and education programs.
• Evaluate and manage privacy risks associated with third-party vendors, business partners, and data processors through contractual controls and ongoing monitoring.
• Establish and lead the enterprise data governance framework, including data ownership, data stewardship, and accountability models across business units.
• Define, develop, and implement data security and governance standards including data classification, encryption, data loss prevention, data access governance for structured and unstructured data, and monitoring to prevent data-related security incidents.
• In coordination with the data analytics team, refine data quality standards, and partner with business and technology teams to ensure data integrity across critical systems.
• Develop and implement policies and frameworks for the responsible and ethical use of artificial intelligence and machine learning technologies across the organization.
• Assess and manage risks related to AI/ML models, including data bias, algorithmic fairness, transparency, and explainability.
• Ensure AI/ML initiatives comply with emerging regulatory requirements and industry best practices for responsible AI.
• Collaborate with data science, business teams, data and software engineering, to embed governance controls into the AI/ML development lifecycle.
• Ensure compliance with aviation-specific regulatory requirements related to data, technology, and cybersecurity, including DOT, TSA, and FAA mandates.
• Monitor and assess the impact of evolving federal, state, and international regulations on the organization's cybersecurity, privacy, and data governance posture.
• Create, update, and improve upon key performance indicators gauging the company's level of compliance and provide reports to leadership.
• Maintain strong oversight of third parties and business partners to safeguard against undue risk and ensure contractual and regulatory compliance.
• Coordinate with Legal and other departments on regulatory examinations, audits, and inquiries related to cybersecurity, data privacy, and data governance.
• Other duties as assigned by the VP of Technology.
• Achieve performance measures and adhere to established standards in conjunction with Breeze Aviation Group Values of Safety, Kindness, Integrity, Ingenuity and Excellence.

Benefits

• Health, Vision and Dental
• Health Savings Account with Breeze Employee Match
• 401K with Breeze Employee Match
• PTO
• Travel on Breeze and other Airlines too!