Job Description

Position Summary

As a member of the professional staff, contributes a high level of specialized knowledge and skill in a discipline (e.g., Accounting, Finance, Human Resources, Information Technology, Operations Planning & Support, Sales & Marketing) area to support department and/or function objectives. Generally, works with considerable independence, developing operating plans and related operational processes for own department in alignment with broader business objectives. 

Specific Job Summary

The Director, Data Privacy, will report to and assist the AVP, Privacy Operations to ensure compliance with privacy laws and regulations globally. The role maintains an awareness of federal, state, and international privacy laws and standards and applies this knowledge to MVWC business processes and systems including information privacy automation technologies and tools.

The role is responsible for responding to and proactively managing privacy various aspects of the global privacy program. The privacy program is responsible for ensuring privacy is part of the MVW fabric which stretches across 80+ countries. The role should have a solid understanding of key privacy laws across the globe such as GDPR, APPI, CCPA, and PDPA to name a few. Ares of involvement may range from privacy operations (DSRs, Incident Response, Notice & Policy), Privacy Compliance and Risk (PIA, TIA, DPIA, ROPA), Privacy Architecture and Engineering (Cookies, OneTrust, PET enablement, PbD), as well as AI risk assessments. This includes, but is not limited to, managing others daily work, overseeing key programs, development, implementation and maintenance of policies and procedures to ensure MVW is operating transparently and building trust with our customers.

The position will interact with departments globally across the enterprise. This includes management to senior leadership levels at corporate and site-based locations.

Expected Contributions

Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk. Responsible for own work and contributing to team, department and/or business results. May direct work of non-management staff.Assists more senior associates in achieving business results by:identifying opportunities to enhance the effectiveness of business processes.providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.participating in setting department operating plans.recognizing and celebrating team successes.achieving results against budget within scope of responsibility.Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.Performs other duties as appropriate.

Expected Contributions

Oversee privacy related business process data mapping for global regulations (including GDPR and CCPA as examples)Oversee privacy reviews of new systems, applications, and third-party data sharing relationshipsManage contract reviews and input for privacy-related engagementsMaintain and update privacy process and related documentation across the enterpriseAssist in the drafting, implementation and maintenance of the company’s information privacy policies and proceduresManage recertification process of privacy policies, and global regulation documentation (including GDPR and CCPA as examples)Development and maintenance of Privacy Office SharePoint site for the enterpriseFacilitate development and maintenance of privacy training materials and other communications to raise awareness and drive cultural change for data privacy awareness with associates and third partiesPartner with Information Security, Procurement, Human Resources, Global Technology, Law department, and Business Relationship Managers to conduct investigations, privacy by design reviews, intake assessments and recommend opportunities for improvementsOptimize, configure, and manage the technology tools used to support global privacy programRecommend improvements and automation in privacy processes that can be enhanced through technologyLead MVW’s efforts to improve customers’ data transparency needsAs needed, perform initial and ongoing privacy risk assessments (e.g. TIAs, PIAs, DPIAs, AI Risk Assessments) and conduct related ongoing compliance and risk monitoring activities in coordination with the entity’s other compliance and operational assessment functions.As needed, lead and/or support privacy investigations.Act as a key advisor in the development of risk management and risk treatment plans while aligning with Business risk appetite, and work with relevant Risk Control owners for implementation and ongoing treatment, as required.Assist in the drafting, implementation and maintenance of the company’s information privacy policies and proceduresMonitor adherence to MVWC’s risk management framework and measuring compliance risk ensuring that reviews are conducted consistently across the enterprise on a regular basis to confirm that controls identified are operating effectivelyDesign and implement complex analyses of comparative and historical data, related to current status and identify trends.Maintain an enterprise record of processing activities (ROPAs)Assist in maintaining and enhancing global cookie and similar technology compliance.Privacy OperationsProvide privacy program leadership for Privacy OperationsLead and investigate privacy incidentsMonitor and oversee the management of the Privacy MailboxCollaborate with the Law department and other stakeholders on privacy matters as neededReview Data Loss Prevention quarantined files and recommend dispositionAssist in auditing of required federal subpoenas for Right to Financial Privacy ActManage and document the processes required for Data Subject Access Requests (DSARs) and conduct required follow up.Privacy Risk and ComplianceProvide privacy program leadership for Privacy Compliance & Risk ManagementLead the documentation of privacy risksOversee that privacy risks in MVWC are effectively identified, measured, monitored, and controlled, in consistent ways with the organization's risk appetite statement and applicable policies and procedures established within the risk management and governance frameworkCollaborate with the Law department and other stakeholders on privacy matters as neededCollaborate and develop synergies with the Enterprise Risk Management team and other stakeholders on privacy risk matters as neededLead the design, development and delivery of ongoing privacy metrics as it pertains to privacy compliance and risk managementLead as a privacy risk management subject matter expert and consult with internal and external stakeholders on a wide array of initiatives, as it relates to privacy risksManage and maintain Data Privacy Impact Assessments (DPIAs), Transfer Impact Assessments (TIAs), Privacy Impact Assessments (PIAs), AI Risk Assessment on existing and new processing activities of personal information and update flagged risks and mitigating treatment plans as neededManage privacy risks during business decision-making, ensuring the protection of the organization’s reputation and assets, and exercise sound ethical judgment in personal and professional conduct, and transparently escalate, manage, and report control issuesPrivacy Architecture & EngineeringLead and manage a team of talented privacy architects and engineers, providing strategic direction and technical expertise.Partner with product, engineering, legal, digital brands, global tech, and compliance teams to ensure privacy is embedded throughout the software development lifecycle.Lead the design, development, implementation, and integration of the privacy technology stack.Develop and implement technical solutions for data privacy, including data anonymization, pseudonymization, and access control mechanisms.Oversee the cookie compliance program that ensures that all MVW websites are compliant with the applicable laws.Identify and implement technologies that support automation of various privacy functions such as data subject access request, data mapping, and data discoveryCollaborate with Data Governance to identify and implement technology to support the minimization of regulated data in the lower environment.Coordinate and negotiate with vendors and contractors on data privacy technology requirements. 

Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Generally, a professional position requiring significant knowledge and experience in one or more disciplines and/or business operations as well as associate and/or organizational management experience.  College degree and/or relevant experience generally required.

Specific Candidate Profile

Education

Bachelor’s degree required or at least 7 years privacy experience; advanced degree preferred.Data Privacy certification such as Certified Information Privacy Professional (CIPP); or Certified Information Privacy Manager (CIPM); preferred

Experience

At least 10 years of progressive professional experience in Privacy, Legal, Compliance, Information Security, Technology, Audit, Risk Management or related fieldsProven experience in the area of Privacy, Information Security, Risk Management, Technology, SOX, or similar fieldStrong personal, analytical and communications skills.Demonstrated ability to translate regulations and/or standards into workable and implementable solutions.Proven experience with change management in an international organization.Experience using the One Trust or other privacy management platform preferred.Multilingual capabilities (read, speak and write), a plus.

Skills/Attributes

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Demonstrated ability to communicate complex and technical information in an easily understood and actionable mannerStrong interpersonal and relationship building skillsExcellent prioritization and pragmatic problem-solving skillsOrganizational skills to manage multiple, concurrent project and task assignmentsHigh degree of business acumen and analytical thinkingProject management skills and the ability to work both independently and as part of a team and across levels of the organizationAbility to work in a team environment and interact with all levels of the organization.High attention to detailAbility to present complex information to leadershipProven ability to lead, implement, and manage change.Goal oriented; self-motivated.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.