Director of Privacy
Virginia Tech · Blacksburg, VA · 2 mo ago
Management$125k–$175k/yrFull-time
Key Responsibilities
- Develop and execute a university-wide privacy strategy aligned with institutional priorities.
- Ensure institutional compliance with applicable federal, state, and international privacy and data protection laws.
- Maintain a comprehensive data privacy governance inventory, including policies, standards, procedures, and internal controls.
- Foster a culture of ethical data stewardship across the university.
- Cultivate relationships with peers and subject matter experts to facilitate anticipatory evaluation of new regulations, enforcement focus, or other compliance initiatives.
- Work collaboratively with various departments, including Information Technology, Legal Counsel, Procurement, and Research Compliance, to ensure a consistent and balanced approach.
- Coordinate privacy risk assessments and the development of action plans to address identified risks through consultative interaction with university partners.
- Initiate and monitor corrective action and process improvement as needed in conjunction with IT and other security stakeholders.
- Identify and develop initiatives to address and resolve areas of compliance concerns or emerging risks.
- Assist in the development of university-wide policies and procedures to ensure compliance with applicable privacy laws, regulations, and best practices.
- Review and evaluate existing policies and recommend improvements.
- Develop and deliver training programs to educate university employees on data privacy standards.
- Promote awareness of data stewardship and shared responsibility.
- Manage and oversee privacy-related investigations and complaints, and the resolutions in collaboration with other compliance leaders, team members, and legal counsel, as appropriate.
- Review and advise on vendor contracts, data sharing agreements, and third-party risk from a privacy perspective, in coordination with IT, Legal Counsel, and Procurement.
- Gather, organize, analyze, and report on privacy-related issues and recommendations that are complex in nature.
Required Qualifications
- An advanced degree in related field, or a combination of a bachelor's degree and significant related experience.
- Experience implementing a privacy program at a large organization.
- Understanding of applicable privacy laws, regulations, industry standards, and related compliance issues.
- Demonstrated ability to establish collaborative partnerships with a wide range of staff across a complex, decentralized organization.
- Demonstrated ability to successfully handle sensitive discussions; strong personal ethics commitment; and demonstrated sound judgment.
- Persuasive communicator, with excellent verbal and written communication skills, and the ability to communicate concisely, engage, influence, and align to achieve the desired results with a wide variety of audiences.
- Experience in developing reports that convey technical and complex concepts in simple language and recommendations derived from data analysis and synthesizing existing and emerging compliance requirements and trends.
- Must successfully complete a criminal background check.
Preferred Qualifications
- Professional experience in a higher education or a not-for-profit organization setting.
- Previous legal, regulatory, audit, and/or compliance experience at large, decentralized organizations.
- Juris Doctorate degree (JD) or a similar combination of legal training and experience.
- Related professional certifications in privacy such as Certified International Privacy Professional/United States (CIPP/US).
- Strong analytical, problem solving, presentation, and interpersonal skills.