Director, Privacy Compliance (Remote, US)

Openly

1d•Remote

About The Position

The Privacy Program Director is responsible for overseeing the company’s privacy compliance program in alignment with applicable federal and state privacy laws, insurance regulations, and industry best practices. This role ensures that the company protects personal information entrusted by policyholders, employees, agents, and business partners, and that privacy risks are effectively managed throughout the organization’s operations. This is a critical, high-impact leadership position focused on refining and maturing our enterprise-wide Data Privacy framework. The Privacy Director will drive cross-functional collaboration to continuously enhance policies and controls, mitigate regulatory and reputational risk, and embed a culture of responsible innovation throughout the company.

Requirements

Bachelor’s degree in Law, Business, Information Management, or related field; JD or Master’s preferred
7+ years of experience in privacy, data protection, compliance, or related regulatory roles, including at least 4 years working directly on privacy/data protection initiatives, preferably in the insurance services sector
Experience implementing or managing privacy programs under frameworks such as CCPA/CPRA, GLBA, or ISO/IEC 27701
In-depth understanding of U.S. privacy and data protection laws and regulations and impact in the insurance or financial services industry
Understanding of technologies used to protect sensitive data and monitor compliance
Proficiency in privacy program governance, risk assessments, and third-party oversight tools
Excellent organization and project management skills, with the ability to influence and collaborate effectively with people at all levels of the company
Attention to detail and documentation discipline
Strategic thinking with hands-on execution capability
Extremely comfortable operating with ambiguity and addressing complex business questions
Strong communication skills, both written and oral
Strong analytical and research skills

Nice To Haves

CDPSE, CIPP/US, CISA, CIPM, or CISM certification

Responsibilities

Oversee the privacy program and compliance framework, including policies, standards, and controls for applicable privacy laws
Provides advice and support on privacy-related implications, data-handling practices, and solution design.
Oversee privacy impact assessments (PIAs) and risk assessments for new products, systems, and vendors
Reviews, drafts, and maintains privacy notices, policies, procedures, consents
Oversee privacy training, promote privacy awareness culture, and serve as the privacy subject matter expert for leadership
Monitor statutes, regulations, case law, and other resources for changes and recommend program updates to ensure ongoing compliance with a focus on compliance with U.S. regulatory frameworks.
Provides guidance in support of cybersecurity incident investigation and response
Oversee consumer rights request processes (access, correction, deletion, opt-out) and ensure timely, compliant handling
Review and provide advice relative to data privacy terms in vendor contracts and business associate agreements
Independently manage multiple privacy initiatives under tight timelines with changing priorities and limited resources
Perform all other tasks and activities assigned from time to time

Benefits

Competitive Salary & Equity
Comprehensive Medical, Dental, and Vision Plan Offerings
Life and disability coverage including voluntary options
Parental Leave - up to 8 weeks (320 hours) of paid parental leave based on meeting eligibility requirements
401K Company Contribution
Work-from-home stipend
Annual Professional Development Fund
Be Well Program
Paid Volunteer Service Hours
Referral Program and Reward