Director, Privacy Operations

The Director, Privacy Operations, leads and governs enterprise wide privacy operations. This role owns the multiyear roadmap for privacy technologies, GRC workflows, and operational controls. The Director partners with cross-functional teams and experts to set enterprise standards and drives maturity against defined KPIs.

The role guides cross functional execution (Product, Engineering, Security, Marketing, Legal, and Data) to deliver scalable, resilient, and compliant outcomes globally, and serves as the operational authority on tracking technologies and privacy tooling. Success in this role measurably reduces regulatory and brand risk, improves audit readiness, and elevates cross functional program performance.

This is a hybrid role and requires onsite work 3 days a week in our Newton, MA office.

• Owns the delivery of enterprise privacy operations strategy and multiyear roadmap. Leads cross-functional teams and provides direction to senior leaders, stakeholders, and technical partners to ensure delivery of privacy operations objectives.

• Provides governance leadership and direct support for the GRC platform (e.g., One Trust): configuration standards, access models, integrations, release/change management, and data quality in partnership with IT and Security.

• Establishes and oversees policies, standards, and operating procedures for Tracking Technologies (cookies, SDKs, pixels, device IDs); monitors compliance, assesses risk, and drives remediation across products and channels. Provides guidance to technical and product teams to ensure the organization's use of cookies and other tracking technologies (TT) complies with relevant privacy laws and regulations.

• Directs the privacy incident management program: intake, triage, investigation, rootcause analysis, corrective actions, and regulatory readiness; maintains incident templates and workflows within the GRC platform and chair incident review forums.

• Owns the design and generation of performance metrics and reports for Privacy function and management. Analyzes operational processes and metrics, socializes and elicits input from key stakeholders, then develops and executes plans to optimize operations and compliance.

• Leads cross functional delivery for privacybydesign and technical implementation guidance; makes recommendations on architecture and product decisions balancing risk, usability, and timetomarket.

• Owns business continuity and disaster recovery (BC/DR) strategies and test plans for privacy systems and tools, ensuring resilience and recovery objectives are met.

• Stays abreast of vendor roadmaps, emerging technologies, and regulatory developments then translates needs into executable operational requirements and standards.

• Travel: 0-10%

• Bachelor's Degree in Information Security, Information Systems, Law, or Accounting. 3+ years of additional experience would be considered in lieu of degree

• 10 years experience in privacy operations, compliance, audit or data protection/management roles in a multinational organization in a highly regulated or scrutinized industry

• 5 years experience managing system changes and configuring Governance, Risk & Compliance tools such as One Trust or Trust Arc in a controlled IT environment

• ISO 27001/27701 & SOC2 audit experience, strongly desired.
• Certifications:
  
  CIPM, CIPT or CISSP preferred. CIPPUS or CIPPE desired. CRISC/CISA and SAFe, a plus.
• Expert understanding of privacy and information security frameworks, controls, and risk management methodologies; ability to translate regulatory and technical concepts into actionable business requirements.
• Demonstrated change leadership: ability to lead enterprise rollouts, drive adoption, and manage organizational impact across global stakeholders.
• Executive communication and storytelling skills demonstrates expert ability to understand and translate complex technical concepts into business requirements, frame tradeoffs and influence decisions at the senior leadership level.
• Technical expertise:
  Applies deep technical knowledge of tracking technology regulations, tools, browser behavior, third party code, tag managers, and detection/measurement strategies to identify and remediate noncompliance.
• Advanced understanding of change management and security administration best practices a must.
• Program and people leadership:
  Participates in team capacity planning, goal setting, coaching, and performance management for internal teams and vendors.
• Measurementdriven proven ability to define KPIs and manage operations using dashboards and leading indicators.

At this time, Bright Horizons will not sponsor an applicant for employment authorization/visa for this position.

The annual salary for this position is between $124,000 - $147,000. The pay range listed here is what Bright Horizons in good faith anticipates offering for this job opening. Actual compensation offers within this range will depend on a variety of factors including experience, education and…