Sr Mgr, Online Tracking, AM, CBT Partner

About The Position

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Engineering, Business, or equivalent experience.
• Typically 8+ years experience spanning IT, digital platforms, enterprise systems, risk/compliance, or privacy operations (or equivalent combination of education and experience).
• Demonstrated experience working within or alongside IT organizations (e.g., product, platform, engineering, architecture, SDLC).
• Proven ability to act as a business‑facing technology owner, bridging regulatory needs and technical execution.
• Strong understanding of global privacy concepts related to: Online tracking and consent, System inventories and data mapping, ROPAs and Data Subject Rights enablement.

Nice To Haves

• Prior experience in enterprise IT roles (product owner, platform lead, systems manager, architect, or equivalent).
• Experience with privacy or GRC tooling (e.g., OneTrust), consent management platforms, or large‑scale digital estates.
• Comfort operating in matrixed global organizations with complex stakeholder ecosystems.
• Privacy credentialing (e.g., IAPP) is a plus.

Responsibilities

• Own the end‑to‑end governance, operation, and evolution of the Company’s global Cookie Consent Management Program, ensuring compliance with online tracking, transparency, and choice requirements across jurisdictions.
• Oversee the technical implementation and operational use of consent tooling (e.g., OneTrust or successor platforms) across all global digital assets, including websites, applications, and emerging digital engagement channels.
• Establish global standards for: Cookie classification and taxonomy, Consent models and user interface patterns, Banner configuration, localization, and deployment, Consent record retention, auditability, and reporting.
• Partner with Legal, Digital, Marketing, Medical, and regional privacy leaders to ensure consistent deployment without fragmenting consent logic or creating unmanaged local solutions.
• Drive modernization initiatives to address complex digital ecosystems, including multi‑domain environments, tag management, third‑party technologies, and evolving regulatory interpretation.
• Serve as GPO’s global owner of the Privacy Asset Management capability, ensuring the Company maintains a comprehensive, accurate, and usable inventory of systems and assets that process personal data.
• Ensure each asset has: A clearly defined asset owner, Complete visibility into types of personal data processed, Alignment with data categories, processing purposes, and jurisdictions, Ongoing lifecycle tracking (new, changed, retired systems).
• Establish asset management as a foundational dependency for: Records of Processing Activities (ROPAs), Data Subject Rights fulfillment, Incident response and impact analysis, Privacy Impact Assessments and compliance reviews.
• Partner closely with CBT to embed privacy asset identification into SDLC and change processes, ensuring new or modified systems are captured by design, not retroactively.
• Act as the primary accountable GPO interface to CBT for privacy technology platforms, roadmaps, demand intake, prioritization, and delivery execution.
• Translate privacy strategy, process requirements, and regulatory obligations into clear, actionable technology requirements for CBT product and engineering teams.
• Drive disciplined governance for: Technology demand management, Enhancement prioritization and sequencing, Release planning and change control, Post‑deployment stabilization and adoption.
• Partner with CBT to ensure privacy platforms are scalable, resilient, secure, and integrated within the broader enterprise architecture (e.g., SDLC, IRIS, digital platforms).
• Ensure GPO has strong ownership without building shadow IT, maintaining clear RACI boundaries between GPO (process/product ownership) and CBT (build/run responsibilities).
• Ensure Cookie, Asset, and Platform capabilities are instrumented for meaningful metrics, including adoption, completeness, quality, and operational risk indicators.
• Conduct recurring performance reviews with CBT and GPO stakeholders to drive data‑based improvement decisions.
• Lead structured modernization efforts to reduce manual effort, eliminate rework, and improve regulator‑ready transparency across digital and asset inventories.