Nordstrom • Posted 2 days ago
Full-time • Director
Hybrid • Seattle, WA
5,001-10,000 employees

As a Director of Privacy Operations and Governance within Nordstrom's Governance, Risk, and Compliance (GRC) team, you will lead the design, implementation, and execution of Nordstrom's Privacy and Governance programs. You will ensure compliance with U.S. privacy regulations, manage cybersecurity governance risks, and embed best practices across the enterprise to enhance Nordstrom's security posture and protect customer data. In this role, you will act as the operational engine behind privacy and governance initiatives, partnering closely with Legal, HR, Marketing, Finance, and other business units. You will work across departments and functional lines on a variety of programs that range in scope, risk, and complexity.

Are you a strategic leader who is passionate about building robust governance and privacy programs? Do you think about ways to operationalize complex privacy regulations into business-friendly practices? Do you want to shape governance culture and influence executive decision-making on customer trust and data stewardship? Join our team and be part of a company that is on the cutting edge of retail technology geared at getting consumers the products they love in a safe and secure environment.

A day in the life...

  • Lead the design, implementation, and management of enterprise-wide privacy and governance operations
  • Build and scale privacy operations processes including Privacy Impact Assessments (PIA), data subject rights workflows, and privacy-by-design reviews
  • Develop governance frameworks defining roles, responsibilities, and accountability structures for data privacy risk
  • Own lifecycle management of privacy and cybersecurity policies: creation, review, approval, and updates
  • Ensure compliance with U.S. privacy laws (CCPA/CPRA, Colorado CPA, Virginia VCDPA, Connecticut, Utah, and emerging state laws)
  • Establish a comprehensive governance model to measure and track the maturation of the overall cybersecurity program on a regular basis
  • Create governance reporting mechanisms and executive dashboards for program maturity and risk posture
  • Lead incident response for privacy breaches, including investigation, documentation, and regulatory reporting
  • Define KPIs and KRIs for privacy and cybersecurity governance programs with regular leadership reporting
  • Conduct maturity assessments and gap analyses to identify improvement opportunities
  • Develop and deploy privacy and governance training programs with role-based curricula
  • Oversee vendor privacy risk assessments and ensure appropriate contractual terms (DPAs, BAAs)
  • Implement data classification schemes, ownership models, and lifecycle management processes
  • Serve as operational privacy and governance expert across departments, partnering with Legal and Cybersecurity to ensure program alignment
  • Develop and manage a roadmap informed by governance insights to prioritize initiatives and allocate resources effectively
  • Build relationships with business leaders as a trusted advisor on privacy and governance matters
  • Bachelor's degree; JD, MBA, or relevant advanced degree preferred or equivalent experience
  • 10+ years in privacy, data protection, governance, compliance, or risk management, with 8+ years in leadership roles
  • Experience building governance frameworks in complex, multi-functional organizations
  • Strong knowledge of U.S. privacy regulatory landscape and practical operationalization experience
  • Expertise in governance frameworks, policy management, and program execution
  • Deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
  • Knowledge of how privacy and regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
  • Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
  • Highly collaborative skillsets and can build and leverage relationships with internal and external stakeholders
  • Proven ability to lead cross-functional teams and enterprise initiatives
  • Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, including executive leadership
  • CIPP/US, CIPM, CGEIT, CRISC, or CISM certifications preferred
  • Proficiency with GRC tools and technologies such as Onspring or Archer GRC platforms
  • Experience with privacy program automation
  • Medical/Vision, Dental
  • Retirement and Paid Time Away
  • Life Insurance and Disability
  • Merchandise Discount and EAP Resources
  • 401k
  • medical/vision/dental/life/disability insurance options
  • PTO accruals
  • Holidays