Director of Privacy

Job Description

The inaugural Director of Privacy will lead the development coordination and administration of the universitys privacy initiatives ensuring compliance with applicable federal and state privacy laws and regulations including but not limited to the Family Educational Rights and Privacy Act (FERPA) Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) as well as emerging state federal and international data protection requirements. This role will involve maintaining a comprehensive data privacy governance inventory including policies standards procedures and internal controls.

The Director will report to the Vice President for Audit Risk and Compliance and Chief Risk Officer and will work collaboratively to promote a culture of ethical data stewardship and shared responsibility for privacy across the institution. The Director of Privacy will work closely with various departments including Information Technology Legal Counsel Procurement and Research Compliance to ensure that privacy requirements and best practices are fully integrated into the organizations efforts to protect and secure personal information.

The Director will conduct periodic risk assessments to identify potential areas of vulnerability and risk and will act as a subject matter expert and advisor on privacy issues for the university community. This role will participate in the development implementation and ongoing compliance monitoring of business customers partners vendors third parties etc. and the relevant agreements to ensure all data privacy concerns requirements and responsibilities are addressed. This role may be asked to represent the university as needed in external privacy-related matters agreements or contracts.

The Director will also manage privacy-related investigations and complaints as well as collaborate closely with information security and compliance teams to evaluate whether security incidents potentially involve personal or sensitive data and provide guidance on the appropriate investigation and remediation of such incidents.


Key Responsibilities:
Privacy Program: Develop and execute a university-wide privacy strategy aligned with institutional priorities. Ensure institutional compliance with applicable federal state and international privacy and data protection laws. Monitor regulatory developments and proactively update institutional policies and practices. Ensure privacy forms policies standards and procedures are up-to-date.
Ethics and Integrity: Foster a culture of ethical data stewardship across the university. Develop and implement initiatives to promote ethical behavior and decision-making.
Collaboration: Cultivate relationships with peers and subject matter experts to facilitate anticipatory evaluation of new regulations enforcement focus or other compliance initiatives. Work collaboratively with various departments including Information Technology Legal Counsel Procurement and Research Compliance to ensure a consistent and balanced approach.
Risk Management: Coordinate privacy risk assessments and the development of action plans to address identified risks through consultative interaction with university partners. Initiate and monitor corrective action and process improvement as needed in conjunction with IT and other security stakeholders. Identify and develop initiatives to address and resolve areas of compliance concerns or emerging risks.
Policy and Governance: Assist in the development of university-wide policies and procedures to ensure compliance with applicable privacy laws regulations and best practices. Review and evaluate existing policies and recommend improvements.
Training and Education: Develop and deliver training programs to educate university employees on data privacy standards. Promote awareness of data stewardship and shared responsibility.
Incident Management: Manage and oversee privacy-related investigations and complaints and the resolutions in collaboration with other compliance leaders team members and legal counsel as appropriate.
Third-Party Contract Review: Review and advise on vendor contracts data sharing agreements and third-party risk from a privacy perspective in coordination with IT Legal Counsel and Procurement.
Reporting: Gather organize analyze and report on privacy-related issues and recommendations that are complex in nature.

Required Qualifications

An advanced degree in related field or a combination of a bachelors degree and significant related experience.
Experience implementing a privacy program at a large organization.
Understanding of applicable privacy laws regulations industry standards and related compliance issues.
Demonstrated ability to establish collaborative partnerships with a wide range of staff across a complex decentralized organization.
Demonstrated ability to successfully handle sensitive discussions; strong personal ethics commitment; and demonstrated sound judgment.
Persuasive communicator with excellent verbal and written communication skills and the ability to communicate concisely engage influence and align to achieve the desired results with a wide variety of audiences.
Experience in developing reports that convey technical and complex concepts in simple language and recommendations derived from data analysis and synthesizing existing and emerging compliance requirements and trends.
Must successfully complete a criminal background check.

Preferred Qualifications

Professional experience in a higher education or a not-for-profit organization setting.
Previous legal regulatory audit and/or compliance experience at large decentralized organizations.
Juris Doctorate degree (JD) or a similar combination of legal training and experience.
Related professional certifications in privacy such as Certified International Privacy Professional/United States (CIPP/US).
Strong analytical problem solving presentation and interpersonal skills.

Overtime Status

Exempt: Not eligible for overtime

Appointment Type

Regular

Salary Information

Salary range of $125000 - $175000

Hours per week

40

Review Date

5/25/2026

Additional Information

The successful candidate will be required to have a criminal conviction check.

About Virginia Tech

Dedicated to its mottoUt Prosim(That I May Serve) Virginia Tech pushes the boundaries of knowledge by taking a hands-on transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world Virginia Tech is aninclusive communitydedicated to knowledge discovery and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36000 undergraduate graduate and professional students in eightundergraduate colleges aschool of medicine aveterinary medicinecollegeGraduate School andHonors College.The university has a significant presence across Virginia including Blacksburg the greater Washington D.C. area the Health Sciences and Technology Campus in Roanoke sites in Newport News and Richmond and numerousExtension officesandresearch institutes.A leading global research institution Virginia Tech conducts more than $650 million in research annually.

Virginia Tech endorses and encourages participation in professional development opportunities and university shared governance. These valuable contributions to university shared governance provide important representation and perspective along with opportunities for unique and impactful professional development.