Director, Privacy Operations and Governance (Hybrid - Seattle)

About The Position

Requirements

• Bachelor's degree; JD, MBA, or relevant advanced degree preferred or equivalent experience
• 10+ years in privacy, data protection, governance, compliance, or risk management, with 8+ years in leadership roles
• Experience building governance frameworks in complex, multi-functional organizations
• Strong knowledge of U.S. privacy regulatory landscape and practical operationalization experience
• Expertise in governance frameworks, policy management, and program execution
• Deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
• Knowledge of how privacy and regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
• Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
• Highly collaborative skillsets and can build and leverage relationships with internal and external stakeholders
• Proven ability to lead cross-functional teams and enterprise initiatives
• Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, including executive leadership

Nice To Haves

• CIPP/US, CIPM, CGEIT, CRISC, or CISM certifications preferred
• Proficiency with GRC tools and technologies such as Onspring or Archer GRC platforms
• Experience with privacy program automation

Responsibilities

• Lead the design, implementation, and management of enterprise-wide privacy and governance operations
• Build and scale privacy operations processes including Privacy Impact Assessments (PIA), data subject rights workflows, and privacy-by-design reviews
• Develop governance frameworks defining roles, responsibilities, and accountability structures for data privacy risk
• Own lifecycle management of privacy and cybersecurity policies: creation, review, approval, and updates
• Ensure compliance with U.S. privacy laws (CCPA/CPRA, Colorado CPA, Virginia VCDPA, Connecticut, Utah, and emerging state laws)
• Establish a comprehensive governance model to measure and track the maturation of the overall cybersecurity program on a regular basis
• Create governance reporting mechanisms and executive dashboards for program maturity and risk posture
• Lead incident response for privacy breaches, including investigation, documentation, and regulatory reporting
• Define KPIs and KRIs for privacy and cybersecurity governance programs with regular leadership reporting
• Conduct maturity assessments and gap analyses to identify improvement opportunities
• Develop and deploy privacy and governance training programs with role-based curricula
• Oversee vendor privacy risk assessments and ensure appropriate contractual terms (DPAs, BAAs)
• Implement data classification schemes, ownership models, and lifecycle management processes
• Serve as operational privacy and governance expert across departments, partnering with Legal and Cybersecurity to ensure program alignment
• Develop and manage a roadmap informed by governance insights to prioritize initiatives and allocate resources effectively
• Build relationships with business leaders as a trusted advisor on privacy and governance matters

Benefits

• Medical/Vision, Dental
• Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources
• 401k
• medical/vision/dental/life/disability insurance options
• PTO accruals
• Holidays