Director, Privacy Program

The Director, Privacy Program leads the university's global and US privacy compliance program. Develop and implement a strategic plan for the privacy program leveraging subject matter expertise, to ensure the university safeguards personal information and adheres to all applicable privacy regulations, including but not limited to GDPR, FERPA, HIPAA, CCPA, PIPL, and other regional and global data protection laws. Lead the management of privacy incidents across global and US campuses. Ensure timely and thorough incident investigations, with appropriate documentation and regulatory notifications. Report on privacy program performance, compliance status, and incident response activities to the Chief Privacy & Data Officer. Serve as a liaison advising on privacy-related risks and initiatives to foster a strong privacy-centric culture across the organization. Develop a comprehensive education and training program to ensure the NYU community has a foundational understanding of the privacy rights of individuals and their responsibilities and obligations as a member of the NYU community. Manage the University Privacy Managers, students, and vendors to coordinate privacy efforts across all university campuses, both domestic and international. This includes developing and maintaining comprehensive privacy policies, frameworks, and risk management protocols that are tailored to the unique requirements and cultural contexts of each region. Develop and implement a privacy by design (PbD) program with responsibility for personal information through the full data life cycle.

Required Education:
Bachelor's Degree

Preferred Education:
Master's Degree

Required Experience:
10+ years of experience in a privacy compliance-related discipline, or equivalent combination of education and experience. Must include experience drafting and implementing short and long-term program strategy including developing and implementing policies, programs, and procedures to guide university and unit privacy compliance initiatives. 3+ years of experience in information/cybersecurity.

Preferred Experience:
2+ years of experience with risk rating and modeling. Experience conducting risk-based compliance assessments and root cause analysis. Experience working directly with internal or external auditors and with committee structures and forming committees. Prior experience with management systems and business analysis activities. Experience working in higher education.

Required Skills, Knowledge and Abilities:
Demonstrated understanding of privacy frameworks and their applicability to higher education or similar industries. Ability to identify and assess privacy risks and navigate a decentralized environment. Ability to develop strategy and activities and milestones to support strategy. Ability to partner with a technology team to assess, recommend, and implement strategies to ensure data is accessible, reliable, and protected through the technology lifecycle. Strong critical thinking skills and analysis to solve problems. Effective communication skills with internal stakeholders, team members, peers, and leadership. Excellent written and verbal communication skills and interpersonal skills. Strong analytical and organizational skills, including demonstrated effective project, task, and time management skills. Demonstrated ability to respond and communicate with stakeholders during urgent situations and to create after-action plans and follow-ups. Knowledge of the legislative process and the regulatory environment that influence higher education and R01 institutions. Ability to interpret and explain complex privacy regulations and translate legal and regulatory requirements into clear and effective communications, policies, processes, and practices. Willingness to engage on difficult issues and work with others with transparency and fairness. In-depth knowledge of privacy frameworks and best practices (e.g. GDPR, CCPA, FERPA, HIPAA). Proven track record of developing and leading comprehensive privacy programs in complex, global organizations. Excellent communication, collaboration, and leadership skills to work effectively with cross-functional teams. Strong analytical and problem-solving abilities to assess risks, develop mitigation strategies, and implement solutions. Experience in training development and promoting privacy awareness across an organization. Privacy certification (e.g. CIPP/US, CIPP/E, CIPT) or ability to obtain within 12 months.

In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $155,000.00 to USD $195,000.00. New York University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as, market and organizational considerations when extending an offer. This pay range represents base pay only and excludes any additional items such as incentives, bonuses, clinical compensation, or other items.

NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.

EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender Identity