at National Restaurant Association in Chicago, Illinois, United States
Job Description
The National Restaurant Association is proud to be part of a highly respected industry, providing hospitality, opportunity, and quality of life. Much like the industry we represent, we have a dynamic, diverse, and inclusive culture, grounded in trust, hospitality, collaboration, and innovation. These are the core values that inspire our work, and what we are looking for in a Data Privacy and Compliance Manager.
As Data Privacy and Compliance Manager, you will be an independent contributor who will collaborate with and influence a cross-functional team (Legal, Technology and Business) to steadfastly operationalize the enterprise’s compliance to state, federal and international consumer rights/data privacy laws. You will have an impact on the complete data privacy lifecycle across data collection, storage, handling, and retention. You will champion implementation of data privacy best practices throughout the enterprise for print and online business models.
Reporting to the Director of Risk, Security, and Compliance, the Data Privacy and Compliance Manager must be able to harmonize input and gather support from a cross-functional team to prepare the organization for privacy regulatory compliance in anticipation of state/federal/international laws taking effect. Your excellent project management skills will allow you to juggle the demands of varied initiatives (ex. CPRA, FERPA, ADA compliance etc.) simultaneously across up to twenty web properties, a print certification business and a foundation’s donation business model. You will have a talent for broad enterprise-based strategy creation counterbalanced by a work ethic that also measures success via tactical, detailed work.
The successful candidate will have a demonstrated passion for the ever-evolving landscape of data privacy. You will be a natural collaborator with strong influencing skills. You pride yourself on both your autonomy and your excellent communication skills, and measure success by creation of the big picture (ex. incorporating data privacy thinking into the cultural fabric of the organization) and a steady stream of practical, tactical outcomes.
Position may operate with hybrid flexibility out of our Chicago office.
We are proud to offer our team members comprehensive benefits, designed to support their financial, professional, and personal well-being. In addition to outstanding healthcare coverage (medical, dental and vision), competitive salaries, generous vacation and leave time, we offer a matching 401(k) plan, a unique collection of corporate discounts and memberships, as well as programs to support career and skills development, including coaching, learning and tuition assistance, and so much more.
Responsibilities:
Strategy and Planning
- Stay abreast of new and evolving data privacy regulations with an eye towards how to operationalize compliance most efficiently into the Association business model
- Guide prioritization of initiatives based on balanced judgement of risk and importance to the enterprise
- Articulate a vision via a multi-year roadmap inclusive of milestones to calibrate progress; incorporate data analytics as an aid in risk assessment to guide priorities; integrate data privacy compliance needs into annual planning and budget processes
Relationship Management
- Serve as the data privacy subject matter expert amongst the legal, business and technology teams balancing risk management, consumer rights and operational practicality
- Educate, train, and build awareness of evolving data privacy landscape with business teams designed to secure their support on investments in operationalizing compliance; foster privacy by design principles into the product lifecycle
- Secure Legal team guidance to ensure optimal, accurate and timely compliance implementation
- Partner with the Security team to synchronize initiatives (ex. email/text message regulations; phishing tests etc.); support the Vendor manager in securing contract data protection addendums
- Provide the Technology development team with thorough, detailed, complete use cases and user stories that document “the why and the what” for accurate compliance
Operational Management
- Implement privacy impact assessments; integrate assessment of privacy protocols into third party security audits
- Develop, document, and institutionalize relevant data policies and processes (ex. data handling, retention, deletion) as guides to encourage organizational adherence
- Encourage and aid in the development of data mapping and data inventories to track data flows across the enterprise businesses
- Orchestrate and supervise the timely response to all Consumer Rights Requests
- Oversee the utilization of privacy software tools (OneTrust) to drive efficiencies and scale the privacy program
- Guide the standardization of the privacy policy, terms & conditions, cookie notices etc. across the enterprise’s twenty websites
- Develop appropriate KPI dashboards to measure and monitor privacy compliance initiatives
Requirements:
- BS/BA degree desired
- CIPP certification highly desireable
- 2+ years of professional experience working in an operational capacity in the areas of data privacy compliance, data governance and/or security risk management preferably as a Privacy Manager or similar role responsible for day-to-day management of privacy operations
- Passionate working knowledge of State (Ex. CPRA), Federal (ex. FERPA), International (ex. GDPR) and government contract (ex. CMMC) privacy/consumer data protection laws
- A passion for data privacy/consumer rights and a desire to develop/demonstrate SME expertise in the areas of data privacy compliance via self-directed education
- Familiarity with OneTrust (preferred) and/or other privacy management software tools
- Experience in advising on and managing privacy and data protection requirements
- A self-starter who thrives without regular oversight. Able to work independently with limited guidance and a self-driven attitude
- A patient, yet action-oriented individual contributor with exceptional influencing skills; accepts change and is flexible; focuses on steady delivery of outcomes
- A natural collaborator
- Disciplined in strong project management skill sets
- Ability to communicate verbally and in writing with a wide variety of audiences (technical and non-technical) about technology and legal requirements using straightforward language
- Intellectual horsepower and curiosity (highly analytic and strategic); able to see the “bigger picture” while promoting steady data privacy compliance progress
- Demonstrates respect and promotes a supportive environment
