Director of Privacy, Data Security, and GRC

We are looking to hire a Director of Privacy Data Security and GRC. Our corporate office is located in Provo Utah and this role is open to remote candidates. We are approved for remote work in the following states: Arizona Arkansas Colorado Florida Georgia Idaho Illinois Oklahoma South Dakota Texas and Utah.

Position Overview

The Director of Privacy and GRC is a strategic leadership role responsible for the on-going maintenance and improvement of Nu Skins global privacy program and GRC (Governance Risk and Compliance) framework. This position plays a crucial role in protecting the companys data assets ensuring regulatory compliance and fostering a culture of privacy and risk awareness across the organization.

Key Responsibilities

• Privacy Program Leadership
  • Design and execute the companys global privacy strategy ensuring compliance with international privacy regulations including GDPR CCPA and other US state regulations PIPL and all other applicable global jurisdictions
  • Develop implement and maintain programs to oversee monitor and ensure compliance with global data protection laws and regulations
  • Lead privacy impact assessments data protection impact assessments and privacy risk assessments
  • Develop and maintain privacy policies procedures and standards
  • Lead efforts to automate privacy programs and procedures through the use of tools and process improvements
  • Serve as the primary point of contact for privacy-related inquiries from internal stakeholders and regulatory bodies
  • Partner with Legal IT Security and business units to implement privacy by design principles into operations and products
  • Partner with management and other stakeholders to proactively address emerging issues such as the use of artificial intelligence and regulation of consumer health data
  • Develop and implement a global privacy training program including the training of international data protection officers
• GRC Program Management
  • Oversee the organizations GRC program including the development and maintenance of governance structures risk management frameworks and compliance processes
  • Collaborate with Enterprise Risk team to evaluate and monitor technology ecosystem risks
  • Maintain a comprehensive risk register including continuous assessment and reporting of identified privacy and related risks and remediation activities
  • Establish and maintain relationships with regulatory bodies external auditors and other relevant stakeholders
  • Drive the implementation of GRC tools and technologies to enhance program effectiveness
• Data Governance
  • Develop and maintain a new data governance policy and charter for the function
  • Lead the implementation of new data governance platform
  • Oversee the data mapping and tagging according to the data classification policy
  • Oversee data usage data anonymization and data subject rights initiatives including leadership of the data usage committee
  • Collaborate with the Data Engineering and Data Platform teams to articulate technologies in a seamless manner
• Team Leadership & Development
  • Directly manage and mentor a team of specialists including:
    • Privacy Manager
    • Data Governance Lead
    • Continuous Monitoring Lead
  • Build and maintain a high-performing team through coaching professional development and performance management
  • Foster collaboration between team members and across organizational boundaries
• Strategic Planning & Reporting
  • Develop and execute on a roadmap of key privacy program directives and improvements
  • Develop and track key metrics for privacy and GRC programs
  • Provide regular reports to senior management and the Board on program status risks and initiatives
  • Lead the planning and execution of the annual privacy and GRC strategy
  • Manage program budgets and resource allocation

Required Qualifications

• Bachelors degree in a relevant field (e.g. Law Computer Science Business Administration)
• 10 years of experience in privacy compliance and risk management roles
• 5 years of management experience leading cross-functional teams
• Deep knowledge of global privacy regulations and frameworks
• Experience as a GDPR Data Protection Officer
• Strong understanding of information security principles and technologies particularly concepts in applying Privacy/GRC practice to AI implementations
• Experience implementing and managing GRC programs in complex organizations

Preferred Qualifications

• Advanced degree (J.D. Masters) in relevant field
• Professional certifications such as CIPP CIPM CRISC or CGEIT
• Experience in technology and/or online retail companies
• Background in audit risk management or consulting
• International business experience

Skills & Competencies

• Strong leadership and people management abilities
• Excellent communication and presentation skills
• Strategic thinking and problem-solving capabilities
• Ability to influence and collaborate with senior stakeholders
• Project and program management expertise
• Technical acumen to understand and evaluate technology risks

Impact & Influence

• Reports to: Deputy Chief Information Security Officer (Deputy CISO)
• Key partners: Legal IT Security Product Engineering and Business Units
• External stakeholders: Regulators Auditors Customers and Partners

Physical Demands & Work Environment

• Primary work location is in an office environment with periodic travel required
• Ability to work flexible hours to support global operations when needed
• May require travel to other company locations or for conferences/training

Our Benefits & Perks:

You will be part of an engaged inclusive global community that values family giving back beauty and sustainability. We offer competitive benefits to eligible employees with comprehensive medical vision and dental coverage; supplemental life short-term and disability insurance; free access to health coaches therapists and an onsite fitness center; a health savings account & 401k with company match; an incentive bonus program; and access to our top-quality beauty & wellness products. Youll also be empowered to prioritize whats important to you through flexible work arrangements and a generous vacation policy. Thinking about expanding your family We have generous maternity and paternity leave too.

Our Commitment:

We are proud to be an equal opportunity employer seeking diversity in qualified applicants for employment. At Nu Skin we strive to create an environment where success is independent of race ethnicity age gender identity gender expression sexual orientation religion national origin ancestry genetic information medical condition disability marital or veteran status or any other legally protected status.

Applicants with disabilities who need assistance with the application process may be entitled to reasonable accommodation in accordance with applicable law. If you need assistance in completing an application or participating in an interview because of a disability please contact our Talent Acquisition team at

Information you provide on your application will be processed according to our Privacy Policy which is available for you to review at For questions about this policy please contact us at