Director Cybersecurity, Data Privacy, & Compliance
Breeze Airways™ · Salt Lake City, UT · 2 mo ago
On-siteInformation TechnologyFull-time
About the role
The Director Cybersecurity, Data Privacy, & Compliance leads the enterprise cybersecurity, data privacy, and data governance programs while ensuring regulatory compliance across all operational and commercial functions of Breeze Airways.
Responsibilities
- Set the strategy for new technologies and information security products that will support information security requirements for the company and its customers, business partners, and vendors.
- Establish the strategy to mitigate information security risks within the organization.
- Collaborate closely with senior-level technology leaders to develop and plan the information security architecture strategy.
- Lead ongoing threat and vulnerability assessments and substantive testing of information security controls.
- Work closely with other teams, including network engineers, data engineers, software engineers, and business teams to achieve common goals.
- Serve as the escalation point and information security expert for solution designs and technical consulting services.
- Direct complex information security principles and requirements into business initiatives that securely drive innovation, improve customer experience, and control costs.
- Oversee and perform technology security risk assessments.
- Perform due diligence reviews and manage the remediation efforts of SOC 1/SOC 2 reports, penetration tests, and PCI audits.
- Develop, implement, and maintain the enterprise data privacy program, including privacy policies, standards, and procedures aligned with applicable laws and regulations (CCPA/CPRA, state privacy laws, GDPR where applicable).
- Guide to the Data Subject Access Request (DSAR) and individual rights management process.
- Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, applications, vendor engagements, and business initiatives.
- Champion privacy-by-design and privacy-by-default principles across technology, business partners and business projects.
- Direct the organization's data breach notification and incident response process in coordination with Legal, Communications, and executive leadership, ensuring compliance with all applicable breach notification requirements.
- Manage and deliver enterprise-wide privacy awareness training and education programs.
- Evaluate and manage privacy risks associated with third-party vendors, business partners, and data processors through contractual controls and ongoing monitoring.
- Establish and lead the enterprise data governance framework, including data ownership, data stewardship, and accountability models across business units.
- Define, develop, and implement data security and governance standards including data classification, encryption, data loss prevention, data access governance for structured and unstructured data, and monitoring to prevent data-related security incidents.
- In coordination with the data analytics team, refine data quality standards, and partner with business and technology teams to ensure data integrity across critical systems.
- Develop and implement policies and frameworks for the responsible and ethical use of artificial intelligence and machine learning technologies across the organization.
- Assess and manage risks related to AI/ML models, including data bias, algorithmic fairness, transparency, and explainability.
- Ensure AI/ML initiatives comply with emerging regulatory requirements and industry best practices for responsible AI.
- Collaborate with data science, business teams, data and software engineering, to embed governance controls into the AI/ML development lifecycle.
- Ensure compliance with aviation-specific regulatory requirements related to data, technology, and cybersecurity, including DOT, TSA, and FAA mandates.
- Maintain strong oversight of third parties and business partners to safeguard against undue risk and ensure contractual and regulatory compliance.
- Coordinate with Legal and other departments on regulatory examinations, audits, and inquiries related to cybersecurity, data privacy, and data governance.
Requirements
- 4-year degree in Computer Science, Systems Engineering, Information Technology, Management Information Systems, or a related discipline, or an additional 2+ years of training/experience in lieu of degree
- 8+ years of experience in information security, data privacy, data governance, or a related field
- 4+ years in a leadership role
- 2+ years of experience developing and implementing data governance frameworks, policies, and standards.
- 2+ years of experience with data governance tools and platforms (e.g., data catalogs, metadata management, DLP solutions)
- 2+ years of experience with privacy management platforms and DSAR automation tools
- Deep technical expertise in technology infrastructure, networking, cybersecurity, cloud computing, and enterprise systems architecture is a must
- Demonstrated knowledge of data privacy regulations (e.g., CCPA/CPRA, state privacy laws, GDPR) and experience building or managing a privacy compliance program is also required
- The Director of Cybersecurity must:
- Be a U.S. citizen who is therefore eligible to seek a security clearance at the Secret Level
- Serve as the primary contact for cyber-related intelligence information and cybersecurity-related activities and communications with TSA and the Cybersecurity and Infrastructure Security Agency (CISA)
- Be accessible to TSA and CISA 24-hours a day, seven-days a week
- Coordinate cyber and related security practices and procedures internally
- Work with appropriate law enforcement and emergency response agencies
Qualifications
- Industry certification in security (e.g., CISSP, CISM, CISA, and/or GIAC)
- Industry certification in privacy (e.g., CIPP/US, CIPP/E, CIPM, CIPT)
- Familiarity with aviation industry regulatory requirements (DOT, TSA, FAA) as they relate to data and technology
- Experience developing AI/ML governance frameworks or responsible AI policies
- Experience in a regulated industry (aviation, financial services, healthcare, etc.)
Skills/Talents
- Ability to work well under pressure, prioritize projects, meet deadlines, and maintain flexibility
- High level of integrity and ethics, able to handle sensitive and/or proprietary information with discretion and confidentiality
- Self-starter must have a positive attitude and strong desire for success
- Strong attention to detail, organization, and time management skills
- Ability to translate complex regulatory and technical requirements into actionable business policies and procedures
- Strong knowledge of privacy laws, data protection regulations, and compliance frameworks (NIST, ISO 27001, PCI DSS, SOC 2)
- Proven leadership and managerial skills, with the ability to inspire, motivate, and develop high-performing teams.
- Excellent oral and written communication skills, with the ability to present to executive leadership, regulators, and cross-functional teams
- Strong analytical and problem-solving abilities, with a focus on driving continuous improvement and innovation in technology systems and processes.
- Ability to work with individuals and teams at all levels in the organization
- Strong stakeholder management skills with the ability to influence without direct authority across business units
- Exemplifies Breeze's safety culture, values, and mission
Benefits
- Health, Vision and Dental
- Health Savings Account with Breeze Employee Match
- 401K with Breeze Employee Match
- PTO
- Travel on Breeze and other Airlines too!
Pay
Competitive salary based on experience and qualifications.
Schedule
Full-time position.