Director of Privacy and GRC

About The Position

Requirements

• Bachelor's degree in a relevant field (e.g., Law, Computer Science, Business Administration).
• 10+ years of experience in privacy, compliance, and risk management roles.
• 5+ years of management experience leading cross-functional teams.
• Deep knowledge of global privacy regulations and frameworks.
• Strong understanding of information security principles and technologies.
• Experience implementing and managing GRC programs in complex organizations.

Nice To Haves

• Advanced degree (J.D., Master's) in relevant field.
• Professional certifications such as CIPP, CIPM, CRISC, or CGEIT.
• Experience in technology and/or online retail companies.
• Background in audit, risk management, or consulting.
• International business experience.

Responsibilities

• Design and execute the company's global privacy strategy, ensuring compliance with international privacy regulations including GDPR, CCPA, PIPL, and other applicable jurisdictions.
• Lead privacy impact assessments, data protection impact assessments, and privacy risk assessments.
• Develop and maintain privacy policies, procedures, and standards.
• Serve as the primary point of contact for privacy-related inquiries from internal stakeholders and regulatory bodies.
• Partner with Legal, IT, Security, and business units to implement privacy requirements into operations and products.
• Oversee the organization's GRC program, including the development and maintenance of governance structures, risk management frameworks, and compliance processes.
• Collaborate with Enterprise Risk team to evaluate and monitor technology ecosystem risks.
• Establish and maintain relationships with regulatory bodies, external auditors, and other relevant stakeholders.
• Drive the implementation of GRC tools and technologies to enhance program effectiveness.
• Develop and maintain a new data governance policy and charter for the function.
• Lead the implementation of new data governance platform.
• Oversee the data mapping and tagging according to the data classification policy.
• Collaborate with the Data Engineering and Data Platform teams to articulate technologies in a seamless manner.
• Directly manage and mentor a team of specialists, including: Privacy Lead, Data Governance Lead, Continuous Monitoring Lead.
• Build and maintain a high-performing team through coaching, professional development, and performance management.
• Foster collaboration between team members and across organizational boundaries.
• Develop and track key metrics for privacy and GRC programs.
• Provide regular reports to senior management and the Board on program status, risks, and initiatives.
• Lead the planning and execution of the annual privacy and GRC strategy.
• Manage program budgets and resource allocation.

Benefits

• Comprehensive medical, vision, and dental coverage.
• Supplemental life, short-term, and disability insurance.
• Free access to health coaches, therapists, and an onsite fitness center.
• Health savings account & 401k with company match.
• Incentive bonus program.
• Access to top-quality beauty & wellness products.
• Flexible work arrangements and a generous vacation policy.
• Generous maternity and paternity leave.