Director, Privacy Operations and Governance (Hybrid - Seattle) jobs in United States

Nordstrom · 1 week ago

Director, Privacy Operations and Governance (Hybrid - Seattle)

Nordstrom is a leading retail company, and they are seeking a Director of Privacy Operations and Governance. In this role, you will lead the design and implementation of privacy and governance programs, ensuring compliance with U.S. privacy regulations while managing cybersecurity governance risks across the enterprise.

E-Commerce, Fashion, Retail

Responsibilities

Lead the design, implementation, and management of enterprise-wide privacy and governance operations
Build and scale privacy operations processes including Privacy Impact Assessments (PIA), data subject rights workflows, and privacy-by-design reviews
Develop governance frameworks defining roles, responsibilities, and accountability structures for data privacy risk
Own lifecycle management of privacy and cybersecurity policies: creation, review, approval, and updates
Ensure compliance with U.S. privacy laws (CCPA/CPRA, Colorado CPA, Virginia VCDPA, Connecticut, Utah, and emerging state laws)
Establish a comprehensive governance model to measure and track the maturation of the overall cybersecurity program on a regular basis
Create governance reporting mechanisms and executive dashboards for program maturity and risk posture
Lead incident response for privacy breaches, including investigation, documentation, and regulatory reporting
Define KPIs and KRIs for privacy and cybersecurity governance programs with regular leadership reporting
Conduct maturity assessments and gap analyses to identify improvement opportunities
Develop and deploy privacy and governance training programs with role-based curricula
Oversee vendor privacy risk assessments and ensure appropriate contractual terms (DPAs, BAAs)
Implement data classification schemes, ownership models, and lifecycle management processes
Serve as operational privacy and governance expert across departments, partnering with Legal and Cybersecurity to ensure program alignment
Develop and manage a roadmap informed by governance insights to prioritize initiatives and allocate resources effectively
Build relationships with business leaders as a trusted advisor on privacy and governance matters

Qualification

Privacy Operations Management, Governance Frameworks, U.S. Privacy Regulations, Cybersecurity Governance, Data Protection, Risk Management, GRC Tools Proficiency, Vendor Management, Training Development, Stakeholder Engagement, Analytical Skills, Leadership Skills, Collaboration Skills, Communication Skills, Presentation Skills

Required

Bachelor's degree; JD, MBA, or relevant advanced degree preferred or equivalent experience
10+ years in privacy, data protection, governance, compliance, or risk management, with 8+ years in leadership roles
Experience building governance frameworks in complex, multi-functional organizations
Strong knowledge of U.S. privacy regulatory landscape and practical operationalization experience
Expertise in governance frameworks, policy management, and program execution
Deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
Knowledge of how privacy and regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
Strong bias for results and the ability to operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
Highly collaborative, with the ability to build and leverage relationships with internal and external stakeholders
Proven ability to lead cross-functional teams and enterprise initiatives
Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, including executive leadership

Preferred

CIPP/US, CIPM, CGEIT, CRISC, or CISM certifications preferred
Proficiency with GRC tools and technologies such as Onspring or Archer GRC platforms
Experience with privacy program automation

Benefits

Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources
401k
Medical/vision/dental/life/disability insurance options
PTO accruals
Holidays

Company

Nordstrom

Nordstrom is an online fashion retailer that specializes in fashion, footwear, accessories, and beauty.

Funding

Current Stage
Public Company
Total Funding
$969.45M
Key Investors
Ryan Cohen, El Puerto de Liverpool
2024-12-23: Acquired
2023-02-03: Post-IPO Equity
2022-09-16: Post-IPO Equity · $294.45M

Leadership Team

Erik Nordstrom
Chief Executive Officer
Alexis DePree
Chief Operating Officer
Company data provided by Crunchbase