Lead, Data Privacy

About The Position

Requirements

• Bachelors Degree directly related to the position or equivalent, preferred.
• Degree in Information Technology, Cybersecurity, Risk Management, Business, or related field.
• Minimum seven years experience in data privacy, risk management, compliance, or information security. Experience in financial services or regulated environments preferred.
• CIPP (US or equivalent), CIPM, CIPT, or similar privacy certifications (preferred).
• CISA, CRISC, or CISSP (preferred).
• Ability to organize and manage multiple priorities simultaneously.
• Ability to work well independently or within a team.
• Excellent interpersonal communication skills required.
• Experience in data privacy tooling (e.g., Purview, Varonis, Cyera) preferred.
• Strong understanding of data privacy principles and regulatory requirements.
• Ability to translate legal/regulatory language into technical and operational controls.
• Experience integrating privacy into technology and third-party risk processes.
• Ability to work cross-functionally and influence without direct authority.
• Excellent verbal and written communication skills required.
• Highly organized and detail-oriented; ability to work in a fast-paced, metrics-driven environment required.
• Proficiency in Microsoft Office Suite, Word, Excel, Wiki, collaborative cloud-based programs, and third-party software applications required.
• Commitment to company values.
• Customer Service - Proactive attention to each person.
• Integrity - Do and say what's right.
• Respect - Treat others with dignity.
• Collaboration - Listen and work together.
• Learning - Seek knowledge and strive for improvement.
• Excellence – Deliver the unexpected.
• Work is primarily sedentary; mobility in an office setting.
• Ability to operate standard office equipment and keyboards.
• Regularly required to accurately perceive, distinguish and interpret information received visually and through audio; e.g., words, numbers and other data broadcasted aloud/viewed on a screen, as well as print and other media.
• Travel 5-10%
• Learn new tasks, remember processes, maintain focus, complete tasks independently, and make timely decisions in the context of a workflow.
• This role requires effective adaptation to workplace stressors, including customer service complaints, security responsibilities, and competing priorities.
• Work is primarily performed during the business week, Monday - Friday.

Nice To Haves

• Bachelors Degree directly related to the position or equivalent, preferred.
• Degree in Information Technology, Cybersecurity, Risk Management, Business, or related field.
• Experience in financial services or regulated environments preferred.
• CIPP (US or equivalent), CIPM, CIPT, or similar privacy certifications (preferred).
• CISA, CRISC, or CISSP (preferred).
• Experience in data privacy tooling (e.g., Purview, Varonis, Cyera) preferred.

Responsibilities

• Lead the development, implementation, and continuous improvement of the enterprise Data Privacy Program aligned with regulatory requirements and risk frameworks.
• Partner with Information Security to mature the Data Loss Prevention Program.
• Provide direction and monitor that privacy requirements are embedded into IT systems, processes, and business operations.
• Monitor and interpret evolving data privacy laws and regulations (e.g., GLBA, CCPA/CPRA, state privacy laws, FTC expectations).
• Translate regulatory requirements and company policies into actionable controls, procedures, and business requirements.
• Support regulatory exams, audits, and assessments related to data privacy.
• Maintain documentation and evidence to demonstrate compliance with privacy obligations.
• Develop and implement privacy policies, standards, and procedures governing data handling, classification, retention, and protection.
• Lead efforts to identify and maintain data inventories and data flow mappings across systems and third parties.
• Partner with Data Governance on data classification, data lineage and data lifecycle management.
• Classify data based on sensitivity and ensure appropriate controls are applied.
• Partner with IT and business teams to ensure accurate tracking of where data is stored, processed, and transmitted.
• Partner with Information Security to monitor and enhance data masking and encryption policies and enforcement.
• Lead efforts to conduct NIST Privacy Assessments.
• Partner with IT Governance and Vendor Management to ensure third parties meet privacy requirements throughout the vendor lifecycle.
• Support processes for handling data subject rights requests (e.g., access, deletion, correction). Partner with Compliance and IT teams to ensure timely and accurate responses.
• Collaborate with Information Security and Incident Management teams to assess privacy impact of security incidents, support breach notification processes, ensure regulatory reporting obligations are met.
• Assess privacy risks associated with AI, machine learning, and data-driven technologies.
• Partner with IT Governance and AI teams to align AI use with privacy regulations and ethical standards.
• Identify privacy risks and recommend mitigation strategies aligned with enterprise risk tolerance.
• Integrate privacy risk into the broader Enterprise Risk Management Program and Risk Register.
• Develop and maintain privacy metrics and KPIs/KRIs (e.g., assessment completion, data inventory coverage, incidents).
• Report on privacy risks, issues, and program maturity to leadership.
• Develop and deliver privacy awareness and training programs for employees and stakeholders.
• Promote a culture of data protection and responsible data handling across the organization.
• Provide guidance to business units on privacy best practices and compliance expectations.
• Evaluate and recommend data privacy tools and technologies to enhance data discovery, consent management, etc.

Benefits

• medical
• dental
• vision
• life insurance
• AD&D
• LTD
• 401(k) with employer match