Senior Director, Data Privacy

Job Description

The Senior Director of Data Privacy is responsible for the planning, assessment, design, and building of a right-sized data privacy program compliant with industry standards to enable the execution of PBS's digital and marketing strategies for content distribution while mitigating risks to PBS and PBS consumers. Further, this role will maintain and enable PBS to be compliant with data privacy laws and regulations that govern the collection, privacy, and security of consumer information gathered through PBS's digital products.

Key responsibilities will include, but are not limited to:
• Maintain, develop, and implement PBS's privacy program in line with applicable state and federal privacy laws and the resulting privacy policies, procedures, and documentation for the processing of personal data in coordination with appropriate members of the organization (e.g., business process owners, product managers, legal, information security, etc.)
• Establish and work with a multidisciplinary team of external stakeholders, including consulting firms, technology vendors, legal counsel, and others to ensure execution, delivery, and maintenance of PBS's data privacy program.
• Establish and work with a multidisciplinary team of internal stakeholders, including audit, HR, legal, business process owners, product owners, digital and marketing teams, IT, security, and others to ensure enterprise-wide coverage of the privacy discipline.
• Lead organizational change management efforts across all applicable business units to ensure adoption and compliance of new data privacy processes and procedures is achieved.
• Effectively manage a multi-year data privacy program and fixed budget to maximize return on investment and business outputs.

Requirements for success:

Experience r equirement :
• 10 to 1 5 years of experience in privacy, data protection, security, risk management, auditing and/or compliance, preferably in the media and entertainment industry.
• A deep working knowledge of state, federal , and international privacy laws, regulations , and industry best practices.
• Experience in auditing frameworks and international standards, such as the NIST Privacy Framework, ISO/IEC 27701, NIST 800-53, etc. Experience as an auditor is a plus.
• Experience managing multi-year projects, programs, and budgets is desired.

Education and/or certification requirement:
• Bachelor's degree or higher in business administration, finance, accounting, computer science , law , or a related discipline is required .
• An advanced degree in business ( MBA ), information science (MIS), law ( LLM/MSL/ JD) , information security ,
or a related field is highly preferred .
• The ideal candidate will have a combination of a legal or business degree with a technical or computer science degree.
• The candidate has one or more of: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), and/or Certified Information Privacy Technologist (CIPT) ; OR the candidate has two
or more of: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA).

Skills and abilities:
• Strong analytical and problem resolution skills.
• Sound business judgment, with the ability to think strategically and give practical advice by balancing business needs with legal risks.
• Strong written and verbal communication skills, as well as the ability to work well with a diverse client base.
• Knowledge of the privacy aspects of the product development life cycle, data handling and asset classification, and knowledge of the role of a privacy professional in ensuring that customer data is properly managed .
• Interest in national and international privacy developments, constitutional privacy guarantees, international privacy guidelines and principles, privacy by design, protection by default, data subject's rights, privacy accountability and minimal disclosure.
• Ability to articulate the importance of customer privacy. Comfort with promoting privacy up and down the management chain, including audiences who have varying levels of familiarity with the topic. Ability to maintain proper documentation, relevant records, and archives in an orderly, transparent fashion.
• Knowledge of software development life cycles (SDLCs) is beneficial.

Preferred qualifications :
• Expert knowledge in data discovery, data classification, risk mapping, data retention , cookie and preference management, and subject rights management is required .
• Strong foundational knowledge of US laws and regulations, such as VPPA, COPPA, Gramm-Leach-Bliley Act (GLBA), Privacy Shield certification process, and US (state and federal) privacy laws; to include but not limited to CPPA, CPRA, and VCDPA is desired.
• Basic knowledge
of the EU e-Privacy Directive, the EU's e-Privacy Regulation ( ePR ) and the EU General Data Protection Regulation (GDPR) is beneficial.
• Experience with Standard Contractual Clauses, Binding Corporate Rules, APEC Cross-Border Privacy Rules for international data transfers is beneficial.

PBS is an Equal Opportunity Employer in accordance with the EEOC and the Commonwealth of Virginia.

Jobcode: Reference SBJ-g3712n-18-119-235-189-42 in your application.