Position Summary
As a member of the professional staff, contributes a high level of specialized knowledge and skill in a discipline (e.g., Accounting, Finance, Human Resources, Information Technology, Operations Planning & Support, Sales & Marketing) area to support department and/or function objectives. Generally, works with considerable independence, developing operating plans and related operational processes for own department in alignment with broader business objectives.
Specific Job Summary
The Director, Data Privacy, will report to and assist the AVP Privacy Compliance & Risk Management to ensure compliance with privacy laws and regulations globally. The role maintains an awareness of federal, state, and international privacy laws and standards and applies this knowledge to MVWC business processes and systems including information privacy automation technologies and tools.
The role is responsible for responding to and proactively managing privacy various aspects of the global privacy program. The privacy program is responsible for ensuring privacy is part of the MVW fabric which stretches across 80+ countries. The role should have a solid understanding of key privacy laws across the globe such as GDPR, APPI, CCPA, and PDPA to name a few. Ares of involvement may range from privacy operations (DSRs, Incident Response, Notice & Policy), Privacy Compliance and Risk (PIA, TIA, DPIA, ROPA), Privacy Architecture and Engineering (Cookies, OneTrust, PET enablement, PbD), as well as AI risk assessments. This includes, but is not limited to, managing others daily work, overseeing key programs, development, implementation and maintenance of policies and procedures to ensure MVW is operating transparently and building trust with our customers.
The position will interact with departments globally across the enterprise. This includes management to senior leadership levels at corporate and site-based locations.
Expected Contributions
- Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
- Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.
- Responsible for own work and contributing to team, department and/or business results. May direct work of non-management staff.
- Assists more senior associates in achieving business results by:
- identifying opportunities to enhance the effectiveness of business processes.
- providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
- participating in setting department operating plans.
- recognizing and celebrating team successes.
- achieving results against budget within scope of responsibility.
- Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
- Performs other duties as appropriate.
Expected Contributions
- Oversee privacy related business process data mapping for global regulations (including GDPR and CCPA as examples)
- Oversee privacy reviews of new systems, applications, and third-party data sharing relationships
- Manage contract reviews and input for privacy-related engagements
- Maintain and update privacy process and related documentation across the enterprise
- Assist in the drafting, implementation and maintenance of the company’s information privacy policies and procedures
- Manage recertification process of privacy policies, and global regulation documentation (including GDPR and CCPA as examples)
- Development and maintenance of Privacy Office SharePoint site for the enterprise
- Facilitate development and maintenance of privacy training materials and other communications to raise awareness and drive cultural change for data privacy awareness with associates and third parties
- Partner with Information Security, Procurement, Human Resources, Global Technology, Law department, and Business Relationship Managers to conduct investigations, privacy by design reviews, intake assessments and recommend opportunities for improvements
- Optimize, configure, and manage the technology tools used to support global privacy program
- Recommend improvements and automation in privacy processes that can be enhanced through technology
- Lead MVW’s efforts to improve customers’ data transparency needs
- As needed, perform initial and ongoing privacy risk assessments (e.g. TIAs, PIAs, DPIAs, AI Risk Assessments) and conduct related ongoing compliance and risk monitoring activities in coordination with the entity’s other compliance and operational assessment functions.
- As needed, lead and/or support privacy investigations.
- Act as a key advisor in the development of risk management and risk treatment plans while aligning with Business risk appetite, and work with relevant Risk Control owners for implementation and ongoing treatment, as required.
- Assist in the drafting, implementation and maintenance of the company’s information privacy policies and procedures
- Monitor adherence to MVWC’s risk management framework and measuring compliance risk ensuring that reviews are conducted consistently across the enterprise on a regular basis to confirm that controls identified are operating effectively
- Design and implement complex analyses of comparative and historical data, related to current status and identify trends.
- Maintain an enterprise record of processing activities (ROPAs)
- Assist in maintaining and enhancing global cookie and similar technology compliance.
- Privacy Operations
- Provide privacy program leadership for Privacy Operations
- Lead and investigate privacy incidents
- Monitor and oversee the management of the Privacy Mailbox
- Collaborate with the Law department and other stakeholders on privacy matters as needed
- Review Data Loss Prevention quarantined files and recommend disposition
- Assist in auditing of required federal subpoenas for Right to Financial Privacy Act
- Manage and document the processes required for Data Subject Access Requests (DSARs) and conduct required follow up.
- Privacy Risk and Compliance
- Provide privacy program leadership for Privacy Compliance & Risk Management
- Lead the documentation of privacy risks
- Oversee that privacy risks in MVWC are effectively identified, measured, monitored, and controlled, in consistent ways with the organization's risk appetite statement and applicable policies and procedures established within the risk management and governance framework
- Collaborate with the Law department and other stakeholders on privacy matters as needed
- Collaborate and develop synergies with the Enterprise Risk Management team and other stakeholders on privacy risk matters as needed
- Lead the design, development and delivery of ongoing privacy metrics as it pertains to privacy compliance and risk management
- Lead as a privacy risk management subject matter expert and consult with internal and external stakeholders on a wide array of initiatives, as it relates to privacy risks
- Manage and maintain Data Privacy Impact Assessments (DPIAs), Transfer Impact Assessments (TIAs), Privacy Impact Assessments (PIAs), AI Risk Assessment on existing and new processing activities of personal information and update flagged risks and mitigating treatment plans as needed
- Manage privacy risks during business decision-making, ensuring the protection of the organization’s reputation and assets, and exercise sound ethical judgment in personal and professional conduct, and transparently escalate, manage, and report control issues
- Privacy Architecture & Engineering
- Lead and manage a team of talented privacy architects and engineers, providing strategic direction and technical expertise.
- Partner with product, engineering, legal, digital brands, global tech, and compliance teams to ensure privacy is embedded throughout the software development lifecycle.
- Lead the design, development, implementation, and integration of the privacy technology stack.
- Develop and implement technical solutions for data privacy, including data anonymization, pseudonymization, and access control mechanisms.
- Oversee the cookie compliance program that ensures that all MVW websites are compliant with the applicable laws.
- Identify and implement technologies that support automation of various privacy functions such as data subject access request, data mapping, and data discovery
- Collaborate with Data Governance to identify and implement technology to support the minimization of regulated data in the lower environment.
- Coordinate and negotiate with vendors and contractors on data privacy technology requirements.
Candidate Profile
Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:
Generally, a professional position requiring significant knowledge and experience in one or more disciplines and/or business operations as well as associate and/or organizational management experience. College degree and/or relevant experience generally required.
Specific Candidate Profile
Education
- Bachelor’s degree required or at least 7 years privacy experience; advanced degree preferred.
- Data Privacy certification such as Certified Information Privacy Professional (CIPP); or Certified Information Privacy Manager (CIPM); preferred
Experience
- At least 10 years of progressive professional experience in Privacy, Legal, Compliance, Information Security, Technology, Audit, Risk Management or related fields
- Proven experience in the area of Privacy, Information Security, Risk Management, Technology, SOX, or similar field
- Strong personal, analytical and communications skills.
- Demonstrated ability to translate regulations and/or standards into workable and implementable solutions.
- Proven experience with change management in an international organization.
- Experience using the One Trust or other privacy management platform preferred.
- Multilingual capabilities (read, speak and write), a plus.
Skills/Attributes
Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:
- Demonstrated ability to communicate complex and technical information in an easily understood and actionable manner
- Strong interpersonal and relationship building skills
- Excellent prioritization and pragmatic problem-solving skills
- Organizational skills to manage multiple, concurrent project and task assignments
- High degree of business acumen and analytical thinking
- Project management skills and the ability to work both independently and as part of a team and across levels of the organization
- Ability to work in a team environment and interact with all levels of the organization.
- High attention to detail
- Ability to present complex information to leadership
- Proven ability to lead, implement, and manage change.
- Goal oriented; self-motivated.
Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.