Director, Data Privacy

Status

Summary

The Data Privacy Director develops, implements, and oversees a data privacy strategy across all Kia North America affiliates, ensuring compliance with applicable regulations. This role drives decision-making related to data privacy for multiple organizations and collaborates closely with the Legal team to resolve privacy issues and update corporate policies and procedures. 

This position will lead risk assessments, implement internal controls, and foster data protection awareness through training. This role will collaborate with IT, Information Security, and Legal teams to integrate privacy practices and oversee data privacy incident response to ensure proper remediation. The Director will take a hands-on approach within this small team while designing processes and policies that align with the needs of multiple organizations and can be scaled effectively as additional resources become available.

Major Responsibilities

1st Priority - 20%

Leadership & Strategy

• Develop and execute a comprehensive data privacy strategy aligned with organizational goals.
• As the executive lead for Data Privacy Strategy, the Director will serve as the primary liaison for privacy matters and overseeing related teams across Kia North America affiliates to ensure compliance and risk mitigation.
• Lead the effort to resolve privacy issues by closely collaborating with  Legal, providing specific solutions, making decisions, and reporting progress.

2nd Priority - 20%

Compliance & Risk Management

• Responsible for corporate compliance with all applicable privacy laws and regulations (e.g., CPRA and other state laws).
• Conduct regular risk assessments and audits and recommend mitigation strategies.
• Design and oversee the implementation of a comprehensive internal control and monitoring framework to proactively mitigate risks, prevent the leakage, misuse, and abuse of Personally Identifiable Information (PII), and ensure enterprise-wide data protection compliance.
• Review and approve/deny all requests for data privacy policy exceptions

3rd Priority - 20%

Policy Development

• Develop, implement, and maintain privacy policies that are aligned with applicable regulations and ensure effective procedures are in place to safeguard personal data.

4th Priority - 20%

Incident Response

• Oversee response to privacy breaches and ensure appropriate remediation for all Kia North America affiliates
• Develop an incident response plan that addresses potential privacy violations.

5th Priority - 10%

Training & Awareness

• Develop and implement privacy training programs for employees and stakeholders.
• Promote awareness of privacy best practices and the importance of data protection within the organization.

6th Priority - 10%

Collaboration & Communication

• Work closely with IT, Information Security, Legal, and other departments to ensure integrated privacy practices.
• Liaise with regulatory authorities and manage privacy-related inquiries or incidents.

Education/Certification

• Bachelor’s degree in law, computer science, information technology or security, business administration, or a related field required.
• Advanced degree (e.g., JD, MBA) preferred.
• Professional certifications such as CIPP, CIPM, or similar are highly desirable.
   

Overall Experience

• Minimum of 15+ years of experience in privacy, data protection, or compliance roles required.

Directly Related Experience

• 5+ years of experience in a senior leadership position required.
• Proven track record of developing and implementing privacy strategies in a complex organization.
• In-depth knowledge of US/states privacy laws and regulations such as CCPA, CPRA, HIPAA, etc.
• In-depth knowledge of International Privacy Standards such as GDPR and ISO 27701
• Familiarity with Canadian and Mexican privacy laws and regulations.

Skills

Competencies