Principal Compliance and Privacy Advisor

Duke Careers | Durham, NC
$68,970 - $127,008

About The Position

Duke University’s Office of Audit, Risk & Compliance (OARC) is seeking a Principal Advisor for Institutional Compliance and Privacy to help guide and strengthen Duke’s enterprise‑wide privacy and compliance programs. In this highly visible role, you’ll partner with leaders across the university and health system to address complex privacy, data protection, and regulatory challenges in a dynamic academic and research environment. You’ll play a key role in advancing privacy governance, evaluating risk, and delivering independent advisory services that support Duke’s mission. From privacy assessments and vendor reviews to research protocol evaluations and regulatory analysis, your work will directly influence how Duke manages data responsibly, ethically, and in compliance with evolving laws.

Requirements

  • Bachelor's degree in business, economics, management information systems or related field; advanced degree in public policy, information governance, privacy or law highly desirable.
  • Professional license and/or certification in privacy, data protection, project management, compliance, investigation or other relevant professional credentials are strongly preferred.
  • Successful candidates will possess solid business acumen, well-developed analytical skills, risk and control understanding, strong relationship management abilities and the desire to achieve value-added project outcomes.
  • Position requires at least four years' experience in compliance, privacy risk management, or related operational roles, including responsibility for project/engagement planning, execution and delivery.
  • Ability to advise on privacy‑by‑design, data minimization, data retention, and lawful processing
  • Experience reviewing third‑party/vendor data processing agreements and privacy terms
  • Ability to interpret and assess compliance with FERPA, U.S. state privacy laws, and international regulations (e.g., GDPR)
  • Strong documentation and report‑writing skills

Nice To Haves

  • Experience in higher education, health systems, research environments, or professional services is preferred.

Responsibilities

  • Execute privacy program operations, including privacy inbox triage, data‑subject rights requests, privacy assessments, and records of processing activities
  • Advise stakeholders on privacy governance and data protection practices
  • Conduct privacy and compliance reviews of third‑party vendors and service providers
  • Review IRB research protocols to identify and mitigate privacy risks
  • Perform privacy and compliance program assessments based on OARC’s strategic plan
  • Evaluate governance, internal controls, and risk mitigation strategies across Duke
  • Analyze compliance with applicable privacy and data protection regulations
  • Prepare clear workpapers, reports, and executive summaries for leadership
  • Perform independent advisory and compliance assurance engagements
  • Collaborate with OARC colleagues and university partners to achieve effective outcomes

Benefits

  • Duke offers a collaborative culture, opportunities for professional growth, and a competitive benefits package designed to support your health, career, and long‑term success: https://hr.duke.edu/benefits/
  • Duke provides comprehensive and competitive medical and dental care programs, generous retirement benefits, and a wide array of family-friendly and cultural programs to eligible team members. Learn more at: https://hr.duke.edu/benefits/