Privacy Compliance Director

Bright Horizons Children's Centers
Newton, NE
Hybrid

About The Position

The Privacy Compliance Director owns and governs the global Privacy Compliance program to ensure compliance with legal and regulatory requirements, and the implementation of control frameworks and best practices. This role is accountable for aligning global teams, stakeholders, and external vendors on program roadmaps, and providing guidance to global teams on privacy program requirements, processes, and best practices. The Privacy Compliance Director requires an advanced understanding of Privacy Compliance operations best practices and a demonstrated ability to effectively manage a large portfolio of assessments and risks for a global organization. This person must demonstrate advanced analytical skills, attention to detail, and influencing skills throughout all levels of the organization. This is a hybrid role and requires onsite work 3 days a week in our Newton, MA office.

Bright Horizons is a leading education and care company that helps employees thrive at work and at home by partnering with employers to offer high-quality child care, elder care, and educational support. Our workplace reflects this commitment—with collaborative environments, meaningful benefits, and a culture that supports both career growth and personal well-being. Whether you’re caring for children or powering the systems and partnerships that make it all possible, at Bright Horizons, you’re the difference.

Requirements

  • 10 years' experience supporting a Privacy Compliance and Risk Management team, managing a large portfolio of asset, vendor, and PIA assessments for a large multi-national corporation with limited oversight
  • 7 years' experience using and/or configuring Governance, Risk & Compliance tools such as OneTrust and TrustArc to perform assessments and risk management
  • Bachelor's degree in Law, Information Security, Accounting, or Information Systems. 5+ years of additional experience would be considered in lieu of a degree.

Nice To Haves

  • ISO 27001/27701 and SOC2 audit experience
  • Certified Information Privacy Manager (CIPM) is required within 12 months - Preferred.
  • CIPP and AIPP, desired.
  • Expert-level understanding and application of Privacy and Information Security frameworks (e.g. GDPR, CPRA), best practices, controls and risk management strategies.
  • Advanced program and people leadership skills and experience in team capacity planning, goal setting, coaching, and performance management for internal teams and vendors.
  • Expert ability to influence internal and external employees, contractors, and vendors

Responsibilities

  • Owns and drives privacy accountability and compliance across the company by administering effective processes and leadership oversight.
  • Defines and evolves the enterprise privacy compliance strategy, enterprise-wide standards for global assessment methodologies, risk scoring, and reporting.
  • Manages and performs vendor and asset assessments across all locations.
  • Collaborates with internal stakeholders, external consultants, and vendors to clarify assessment responses, evaluate risks, and agree treatment plans.
  • Creates and manages risks for the Privacy and Information Security teams.
  • Develops and maintains process and procedure documentation for areas of responsibility.
  • Provides guidance to business partners on the implementation and adherence to privacy by design related concepts, policies and procedures.
  • Sets direction and oversees the use of Privacy Management Tools (OneTrust, Teams, ADO, SharePoint).
  • Utilizes the privacy management tools to ensure optimization of documentation of and reporting on the global privacy compliance program.
  • Guides the team with requirements documentation; conducts, coordinates, and executes system test plans.
  • Assists system users on data entry into the privacy management assessments to ensure consistent practices and outputs.
  • Contributes to the development and maintenance of global Privacy and Information Security policies, procedures, and standards impacting direct areas of responsibility.
  • Drives process improvements and Privacy & Information Security program quality.
  • Evaluates quality of data entry and assessment responses.
  • Develops and implements recommendations to improve data quality for areas of responsibility.
  • Monitors assessment and other privacy program related processes for potential and realized delays and quality issues.
  • Proactively partners with key stakeholders to prepare root cause analysis and remediation plans.
  • Tracks and reports on issues and root causes.
  • Sponsors and leads complex, privacy driven initiatives and activities: Evaluates and partners with Privacy, Security and global business partners to assess and execute plans for regulatory readiness efforts.
  • Sets direction for privacy compliance audit activities and facilitates risk management program design, remediation analysis, residual risk evaluation, and control documentation updates.
  • Serves as the senior escalation point for program risks, assessment blockers, vendor issues, and cross‑regional privacy challenges.
  • Designs and provides management KPIs, performance reports and other insights for areas of responsibility.

Benefits

  • Medical, dental, and vision insurance
  • Paid vacation, sick, holiday, and parental bonding leave
  • 401(k) retirement plan
  • Long-term and short-term disability insurance
  • Life insurance
  • Money-saving discounts and financial planning tools
  • Tuition assistance and education coaching
  • Caregiving support and resources for the children and adults in your family