VP, Privacy
About the role
Job Summary:
The Vice President, Privacy develops and implements policies, governance structures, and operational processes resulting in the responsible collection, use, storage, and protection of personal data. The Vice President, Privacy reports into the Legal Department, while partnering with Compliance, Technology, the People Team, Marketing, and executive leadership to embed privacy into business strategy and operations.
This position will be a strategic contributor to company direction and growth. The position will be adept in stakeholder management and an articulate internal and external communicator. They will have the ability to explain complex issues concisely and answer questions with appropriate detail and understanding.
This role requires strong communication, leadership, and executive presence when representing the firm with executives, employees, and other key parties. The position will work hand in hand with the General Counsel to push for broader, deeper strategic thinking and must be able to deliver compelling ideas in a room with some of the industry’s most experienced and innovative executives.
Essential Job Functions for this role include:
- Privacy Strategy & Governance: Define and execute a comprehensive privacy strategy aligned with business goals, regulatory requirements, and industry best practices.
- Regulatory Compliance: Responsible for compliance with global privacy laws (e.g., SEC Regulation S‑P, GLBA, CCPA/CPRA, GDPR, PIPEDA, state-level privacy laws), including AI tools, models, and workflows. Monitor regulatory changes and lead organizational readiness.
- Policy Development: Create, maintain, and enforce privacy policies, standards, and data-handling procedures across the enterprise, and develop and report on compliance metrics.
- Risk Management: Lead privacy risk assessments, DPIAs, vendor risk reviews, and audits. Identify gaps and drive remediation.
- AI Policies and controls: Develop and implement AI‑specific data‑handling policies and controls, including rules for input restrictions, redaction, anonymization.