Relocation Benefits Available
Generic Position Summary
As a member of the professional staff, contributes a high level of specialized knowledge and skill in a discipline (e.g., Accounting, Finance, Human Resources, Inventory, Revenue Management, Information Resources, Operations Planning & Support, Sales & Marketing) area to support department and/or function objectives. Generally, works with considerable independence, developing operating plans and related operational processes for own department in alignment with broader business objectives.
Business Context
Marriott Vacations Worldwide (MVW) is a leading global vacation company that offers vacation ownership, exchange, rental and resort and property management, along with related businesses, products, and services. The Company has over 120 vacation ownership resorts and approximately 700,000 owner families in a diverse portfolio that includes some of the most iconic vacation ownership brands. The Company also operates exchange networks and membership programs comprised of nearly 3,200 affiliated resorts in over 90 countries and territories, as well as provides management services to other resorts and lodging properties.
As a leader and innovator in the vacation ownership industry, the Company upholds the highest standards of excellence in serving its customers, investors and associates while maintaining exclusive, long-term relationships with Marriott International, Inc. and Hyatt Hotels Corporation for the development, sales and marketing of vacation ownership products and services.
The vision of MVW is to strive to build long-lasting relationships with their Owners, Members, customers, and associates to help them live their lives to the fullest. Innovation. Integrity. Excellence. This is the story of MVW. And while the company spans brands and businesses, decades and continents, their shared inspiration continues to drive them forward: delivering unforgettable experiences that make vacation dreams come true.
Global Technology (GT) Context
The Global Privacy Office (GPO) is part of the Global Technology (GT) team at Marriott Vacations Worldwide (MVW), which is on a multi-year journey to modernize technical and digital products and platforms across all business lines. As part of the GT team, the GPO is continuing to mature and morph to align to the changing eco-system.
Specific Job Summary
The Assistant Vice President, Privacy Operations, reports to the VP, Data Privacy (acting as the Chief Privacy Officer) to lead and manage the Global Privacy (GP) Operations program (the “program”), and provide compliance oversight of global privacy laws and regulations. The role maintains awareness of federal, state, and international privacy laws and standards and applies this knowledge to MVW business processes and systems including information privacy automation technologies and tools.
The AVP, Privacy Operations manages the planning, implementation, and management of privacy operations program in all countries where MVW operates, approx. 80 countries. Operations include DSARs (data subject access requests), assessments, data mapping, etc., with metrics to proactively enhance the company’s GP Operations privacy program. Responsibilities includes, but are not limited to, managing daily operations of the program, development, implementation and maintenance of policies and procedures, DPIAs (data privacy impact assessments), records of processes, investigations, and tracking of required reporting to promote customer trust through transparency and ensuring customers’ rights are upheld.
As a leadership role within the GPO, this position will interact with departments globally across the enterprise. This includes management to senior leadership levels at corporate and site-based locations. This candidate will possesses deep knowledge and expertise in interpreting and applying global laws and regulations pertaining to data protection and privacy, with a nuanced understanding of jurisdictional differences in the approach to regulation.
Key Results
MVW privacy policies aligned with brand-specific processing activities and implemented across all brands.
Data subject requests processed across all brands in a manner compliant with the appropriate regulation.
Internal and external privacy risks identified through privacy investigations.
Operational metrics developed that support continuous improvement of the various programs.
Comprehensive consent and preference centers aligned to each brands specific needs while focusing on empowering business operations.
Working Relationships
Resort Operations Leaders
Marketing & Sales Leaders
Global Technology Functional Leaders
Data & Analytics
Internal Audit
Legal Counsel
Risk Management
Finance & Accounting
Procurement
Human Resource Leaders
External Privacy Regulators
Generic Expected Contributions
Develops operating plans and workable business processes for own department in alignment with function strategy.
Manages business processes and/or projects, setting priorities and measurable objectives, monitoring and reporting on the process, progress and results.
Responds to, solves, and makes decisions on business requests that have broad department impact and/or moderate risk.
Presents alternative solutions to business issues by collaborating with internal business and IT partners.
Responsible for individual work and contributing to team, department, and/or business results.
Directs work of non-management staff. Typically influences work of cross-functional or extended teams.
Assists more senior associates in achieving business results by:
acting in a consultative fashion to implement programs impacting the organization
assisting in the development and communication of organizational goals
achieving results against budget within scope of responsibility
taking calculated risks to move the department or team forward
developing and using systems to organize and keep track of information
balancing the interests of own group with the interests of the organization
working with others to identify and remove barriers to success
Readily critiques own behavior to acknowledge mistakes and improve future leadership performance and acts independently to improve and increase skills and knowledge.
Performs other duties as appropriate.
Specific Expected Contributions
Develops and implements processes to identify and address evolving privacy and data protection risks inherent in the Company’s operations and in the development of new products and services.
Designs, implement and execute company-wide data privacy processes and procedures. Continually updating such processes and procedures, as necessary.
Ensures organizational compliance and conformance with privacy / data protection principles and highlight key risk areas to the board.
Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with key stakeholders such as legal.
Maintains and establishes a register of data owners for sets of information and educate the data owners on their responsibilities (what is data, how is it used, who has access to it).
Maintains data flow maps as necessary.
Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.
Maintains current knowledge of applicable privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
Guides staff and project management in conducting documented Privacy Impact Assessments including both risk analysis and mitigation.
Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the information security officer, administration, and legal counsel as applicable.
Manages all aspects (hiring, training, mentoring, resource management, and termination) of a globally dispersed multi-disciplinary team, contractors, vendors, or other similar resources that collaborate with multiple levels across the organization.
Manages contracts or vendor service agreements. Contributes to establishing organizational business objectives.
Performs other similar duties as assigned.
Generic Candidate Profile
Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:
Generally, a professional position with specific knowledge and experience in a discipline (e.g., Accounting, Human Resources, Information Technology) as well as associate management experience. College degree and/or relevant experience typically required.
Specific Candidate Profile
Education
Bachelor’s degree required in a related field or equivalent work experience.
Advanced degree in privacy law or related field preferred.
Certifications Required
IAPP CIPP
Certifications Preferred
Data Privacy certification from IAPP (CIPT, CIPM, etc.)
ISACA CRISC or CDPSA
OneTrust Certification
Appropriate HIPAA Privacy certification
Experience
At least 10 years of progressive experience in Information Technology, Security, Privacy, Legal, Audit or related fields of study.
Progressive experience developing and implementing measures to comply with EU data protection requirements in a large global organization strongly preferred.
Experience developing and implementing measures to comply with EU data protection requirements in a large global organization strongly preferred.
Proven ability to distill complex and often ambiguous legal concepts into effective operational solutions.
Demonstrated ability to translate privacy and security regulations and/or standards into workable and implementable solutions
Proven experience with change management and communications in matrix corporate structure operating in international jurisdictions.
Skills/Attributes
Analytical and Strategic Thinking
Develop and execute comprehensive privacy strategies aligned with corporate objectives and regulatory compliance.
Analyze global privacy trends, legal changes, and emerging risks to anticipate their impact on the hospitality industry.
Design metrics and KPIs to measure the effectiveness of privacy policies and initiatives.
Investigation and identify gaps in privacy compliance across operations.
Provide strategic guidance to integrate privacy considerations into new hospitality technologies and customer engagement strategies.
Technical
Deep understanding of privacy laws and regulations, such as GDPR, CCPA, and APPI, and their operational implications.
Familiarity with privacy frameworks, data protection techniques (e.g. pseudonymization, encryption, anonymization, masking, etc.) and privacy-enhancing technologies (PETs).
Expertise in managing Data Subject Requests.
Thorough understanding of privacy notices and policies and required elements for multiple geographies.
Comprehensive understanding of the principles supporting consent
Collaborate with Global Tech teams to implement risk-mitigating controls.
Project Management Skills
Lead cross-functional teams to implement privacy programs across multiple business units and geographic locations.
Develop timelines, milestones, and budgets for privacy compliance projects.
Ensure timely delivery of privacy initiatives, including audits, policy updates, and training programs.
Manage incident response plans for data breaches, ensuring swift resolution and regulatory reporting.
Oversee vendor and third-party privacy compliance assessments.
Interpersonal
Communication:
Proven verbal and written communication skills to convey technical concepts to non-technical stakeholders in easy-to-understand ways.
Able to contribute ideas that challenge assumptions and thinking.
Build relationships with stakeholders across marketing, operations, legal, and IT to foster a culture of privacy.
Communicate complex privacy concepts to non-technical audiences, including executives and frontline employees.
Customer Focus:
Commitment to a strong customer service orientation to understand and address internal client needs effectively.
Ability to build empathy with key stakeholders in the course of their daily work.
Advocate for customer trust and transparency in all privacy-related communications and policies.
Collaboration:
Proven ability to collaborate within the Global Technology organization at all levels, vendors, and Managed Service providers to architect solutions and oversee successful project implementations.
Mediate between teams during privacy disputes or conflicting priorities, ensuring solutions that align with compliance.
Leadership Courage:
Ability to influence at all levels, lead, motivate, and inspire team members, driving successful implementation and adoption of group product features and solutions.
Serve as a trusted advisor to the leadership team on privacy matters, balancing business goals with regulatory requirements.
Additional Attributes
Strong ethical foundation and commitment to upholding customer privacy and data security.
Proactive and adaptable in responding to the dynamic regulatory landscape of the hospitality industry.
Detail-oriented with a focus on accuracy and compliance in all privacy-related documentation.
Coaching and Training: Leadership skills to inspire and mentor a team of privacy professionals as well as the ability to identify critical learning objectives for user groups and partner with learning program designers in support of developing technical training programs and collateral. Proven ability to deliver both in class and on-line technical training sessions. Curiosity and Continuous Learning: Commitment to, staying informed of emerging PETs (Privacy-Enhancing Technologies), privacy standards, and industry best practices.
Adaptability: Flexibility to adapt to changing project requirements and organizational dynamics within a matrixed organizational structure.
Problem-Solving: Proactive approach to identifying and addressing potential issues before they escalate.
Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.