Privacy Program Manager

The Privacy Program Manager (PPM) ensures the university’s compliance with global and US privacy regulations, including but not limited to GDPR, FERPA, HIPAA, CCPA, and other regional and global data protection laws. Coordinate efforts between US and global campuses, ensuring consistent application of privacy policies and practices. Collaborate with the Director to manage a university-wide privacy program, addressing both US and global privacy regulations. Participate in the development of privacy policies, frameworks, and risk management protocols consistent across regions and jurisdictions but tailored to specific requirements and cultural contexts. Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to evaluate privacy risks for university programs, third-party services, and international data transfers. Identify risks specific to both US and global data handling activities and develop mitigation strategies. Support the management of privacy incidents across global and US campuses including leading investigations, reporting findings, and recommending improvements to internal controls and compliance protocols. Ensure compliance with federal, state, and global regulations (e.g., GDPR, PIPL) specific to research data. Design and deliver privacy training and awareness programs for faculty, staff, and students across both US and global campuses.

Required Education:
Bachelor's Degree

Preferred Education:
Master's Degree

Required Experience:
5+ years of relevant experience administering compliance or similar programs in a university, government agency, non-profit, corporate environment, or law office, or an equivalent combination of education and experience.

Preferred Experience:
5+ years familiarity with US higher education/government systems and privacy challenges specific to academic institutions. Knowledge of US federal and state regulations regarding data privacy in higher education/government and healthcare. Experience in working with cross-functional teams in a complex, global environment.

Required Skills, Knowledge and Abilities:
Comprehensive knowledge of global and US privacy frameworks. Proven experience in conducting PIAs, DPIAs, and managing privacy incidents across multiple jurisdictions. Certification in privacy (e.g., CIPP/US, CIPP/E, CIPT) or ability to obtain in 12 months. Excellent communication and collaboration skills, particularly in working across regions and with diverse teams. Strong analytical skills with the ability to assess risks, develop mitigation plans, and implement solutions. Experience in training development and promoting privacy awareness in large organizations.

In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $120,000.00 to USD $140,000.00. New York University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as, market and organizational considerations when extending an offer. This pay range represents base pay only and excludes any additional items such as incentives, bonuses, clinical compensation, or other items.

NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.

EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender Identity