Upbound Group

 

Senior Principal, Privacy 

 

Job Description

The Senior Principal of Privacy is responsible for proactively overseeing and managing the organization’s privacy program, ensuring compliance with all applicable privacy laws and regulations and implementation of best practices. This role involves developing and implementing policies and procedures, conducting privacy impact assessments, providing internal training and ensuring organizational awareness, implementing remediation and enhancements, coordinating effectively across departments and providing guidance on privacy-related issues. The Senior Principal of Privacy will work closely with various departments to promote a culture of privacy and ensure the protection of personal data. This role requires a deep understanding of privacy principles, industry best practices, and the ability to translate complex legal and regulatory requirements into actionable business strategies.

 

Responsibilities:

Develop and implement a robust privacy program, including policies, procedures, and standards aligned with domestic and international privacy regulations Oversee the broader policies and standards program for the cybersecurity team. Provide proactive, hands-on leadership for the daily operations of the privacy program, including data breach response, risk assessments, and compliance audits and response to customer data requests Ensure the organization’s compliance with State and Federal privacy laws. Monitor the development and implementation of State privacy laws Work closely with the product team and other internal stakeholders to understand their perspectives, processes, applications, projects, and technologies to ensure compliance with applicable privacy laws, regulations, and industry best practices Conduct privacy impact assessments (PIAs) to assess the privacy implications of new products, services, and systems. Oversee data protection activities, including data mapping, classification, and retention policies. Lead the effort for data classification and retention of structured and unstructured data Manage and respond to data subject access requests (DSARs) and privacy-related inquiries. Collaborate with legal, IT, and business teams to ensure compliance with privacy regulations. Develop and execute privacy training programs for employees, contractors, and business partners. Conduct privacy risk assessments and develop mitigation strategies. Monitor and analyze the privacy landscape to identify emerging risks and trends. Build and maintain strong relationships with data protection authorities (DPAs). Serve as the primary privacy contact for internal and external stakeholders. Develop and implement a privacy incident response plan Develop and maintain metrics to measure the effectiveness of the privacy program. Prepare regular reports for senior management and Board on privacy risks, compliance status, and program effectiveness metrics Depending on the candidate and company needs, potentially lead and manage other privacy team members Fulfill other responsibilities that may be assigned from time to time by the Chief Cybersecurity Officer

Qualifications:

Bachelor’s degree in law, business administration, information technology, or a related field; advanced degree preferred. Minimum of 7-10 years of experience in privacy, data protection, or a related field. In-depth knowledge of global privacy laws and regulations. Strong analytical and problem-solving skills. Ability to manage multiple projects and priorities simultaneously. Experience with privacy impact assessments and data protection impact assessments. Strong leadership skills with the ability to influence and drive change. Experience developing and implementing structure and best practices while maximizing productivity in a fast-growing corporate environment. Able to communicate security and risk-related concepts to both technical and non-technical audiences Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals, an innovative leader, problem solver, and consultant. Ability to evangelize privacy compliance and IT security to make it a critical part of business operations; build trust and respect for the security function. Excellent written and verbal communication, interpersonal and collaborative skills. Experienced with contract and vendor negotiations. Ability to effectively prioritize and execute tasks in high-pressure situations. Knowledge of security, risk and control frameworks and standards Understanding cloud, SaaS, and IoT architectures and their implications on privacy compliance and information security strategy. Security acumen and experience including but are not limited to governance, risk, compliance, privacy, SOX, and PCI Ability to handle confidential matters Professional privacy and security management certification is strongly desirable, such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials. Knowledge of common information security management frameworks like NIST, 800-53, and Cybersecurity Framework is strongly desirable.  Occasional travel may be required for conferences, training, store visits and other Upbound locations This position is based in Plano with required in-office presence

#JD-LI1