About this role
Job Details
The Privacy Program Director is responsible for the oversight of the company’s privacy compliance program in alignment with applicable federal and state privacy laws, insurance regulations, and industry best practices. This role ensures that the company protects personal information entrusted to it by policyholders, employees, agents, and business partners, and that privacy risks are effectively managed throughout the organization’s operations.
This is a critical, high-impact leadership position focused on refining and maturing our enterprise-wide Data Privacy framework. The Privacy Director will drive cross-functional collaboration to continuously enhance policies and controls, mitigate regulatory and reputational risk, and embed a culture of responsible innovation throughout the company.
Key Responsibilities
Oversee the privacy program and compliance framework, including policies, standards, and controls for applicable privacy laws
Provide advice and support on privacy-related implications, data-handling practices, and solution design
Oversee privacy impact assessments (PIAs) and risk assessments for new products, systems, and vendors
Review, draft, and maintain privacy notices, policies, procedures, and consents
Oversee privacy training, promote privacy awareness culture, and serve as the privacy subject matter expert for leadership
Monitor statutes, regulations, case law, and other resources for changes, and recommend program updates to maintain ongoing compliance, with a focus on U.S. regulatory frameworks
Provide guidance in support of cybersecurity incident investigation and response
Oversee consumer rights request processes (access, correction, deletion, opt-out) and ensure timely, compliant handling
Review and provide advice relative to data privacy terms in vendor contracts and business associate agreements
Independently manage multiple privacy initiatives under tight timelines with changing priorities and limited resources
Perform all other tasks and activities assigned from time to time
Requirements
Bachelor’s degree in Law, Business, Information Management, or related field; JD or Master’s preferred
7+ years of experience in privacy, data protection, compliance, or related regulatory roles, including at least 4 years working directly on privacy/data protection initiatives, preferably in the insurance services sector
Experience implementing or managing privacy programs under frameworks such as CCPA/CPRA, GLBA, or ISO/IEC 27701
In-depth understanding of U.S. privacy and data protection laws and regulations and their impact on the insurance or financial services industry
Understanding of technologies used to protect sensitive data and monitor compliance
Proficiency in privacy program governance, risk assessments, and third-party oversight tools
Excellent organization and project management skills, with the ability to influence and collaborate effectively with people at all levels of the company
Attention to detail and documentation discipline
Strategic thinking with hands-on execution capability
Extremely comfortable operating with ambiguity and addressing complex business questions
Strong communication skills, both written and oral
Strong analytical and research skills
Preferred
CDPSE, CIPP/US, CISA, CIPM, or CISM certification
