Data Privacy & Compliance Lead (Remote)

Reporting to the Senior Director, Security & Compliance, the Data Privacy and Compliance Lead will be responsible for overseeing and ensuring compliance with data privacy laws and regulations, as well as maintaining adherence to various industry standards and regulations. This role will combine privacy and compliance responsibilities and provide a cohesive approach to managing our organization's data privacy and compliance needs.

Core Accountabilities:

Data Privacy:

Develop and Implement Policies:

• Create and enforce data privacy policies, procedures, and guidelines
• Ensure compliance with relevant data protection laws and regulations (e.g., GDPR, CCPA)
• Research and communicate changes in relevant laws, regulations, and standards impacting compliance status

Data Subject Requests:

• Manage the public-facing privacy mailbox and respond to data subject requests
• Log requests or complaints and escalate issues as necessary

Collaboration with Legal:

• Work closely with the legal department on data privacy-related questions and compliance issues
• Conduct data privacy impact assessments and integrate data privacy requirements into business processes and new initiatives

Vendor Data Privacy Assessment and Contractual Review:

Vendor Assessments:

• Conduct thorough data privacy assessments of third-party vendors
• Ensure vendors comply with the organization's data privacy and security requirements

Contractual Review:

• Review and negotiate data privacy terms in vendor contracts
• Collaborate with procurement and legal teams to ensure vendor agreements align with data privacy standards and regulations

Awareness and Training:

• Develop and execute cybersecurity awareness and phishing campaigns
• Promote a culture of security, privacy, and ethical behavior within the organization

Compliance:

Regulatory Compliance:

• Ensure adherence to industry-specific regulations, standards and data protection laws (e.g., NIST-CSF, PCI-DSS, GDPR, CCPA)
• Work closely with IT teams to design and implement appropriate IT controls, processes, and procedures that comply with regulatory requirements such as PCI DSS, NIST CSF, and IT general controls
• Conduct audits and assessments to verify IT control compliance

Audit Support:

• Represent Cybersecurity & Compliance in all external IT compliance and governance audits
• Liaise with the broader Cybersecurity and Compliance team to assist with remediation plans where necessary

• Bachelor's degree in Information Security, Computer Science, Law, or related field; Master's degree preferred
• 4+ years of experience in data privacy, compliance, or a related role
• Relevant certifications such as CIPP, CIPM, CISSP, or CISM are highly desirable
• Strong understanding of data protection laws and regulatory requirements
• Excellent communication and interpersonal skills
• Ability to handle sensitive information with discretion and integrity
• Strong analytical and problem-solving skills

Base Salary: From $85,000 - $120,000 annually*

Bonus Eligibility: Yes, eligible for annual target bonus based on company and individual performance

Benefits Offered: Health Insurance, Dental Insurance, Vision Care, Health Savings Accounts, 401(k) Retirement Plan, Vacation Time, Sick Time, Paid Parental Leave, Holidays and Cole Haan Discounts

*Rate of pay dependent upon candidates' relevant skills and experience

This position is not available to be performed in Colorado.

As an Equal Opportunity Employer, Cole Haan is committed to meeting the spirit as well as the letter of the law. We have been, and continue to be, committed to Equal Opportunity Employment and equal treatment of all qualified individuals -- regardless of race, color, sex, national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, veteran status, disability, or any other factors that are not job related.