Director, Privacy Compliance

Director, Privacy Compliance page is loaded## Director, Privacy Compliance remote type:
Remote locations:
Remote-USAtime type:
Full time posted on:
Posted Yesterday job requisition :
P748595## About the team Zillow is transforming how people find, finance, sell, rent, and live in homes. Our platforms, apps, and services power a complex ecosystem of consumers, real estate professionals, lenders, landlords, property managers, and partners. Data and trust are at the center of that ecosystem, and the Privacy team partners across the company to uphold both while enabling innovation.##

About the role

As Director, Privacy, you will lead and evolve Zillow’s enterprise privacy compliance program across our online real estate marketplace, adjacent businesses, and internal operations. You’ll set and drive an enterprise-wide privacy strategy in a tech-forward, data-rich environment, ensuring privacy is built into products, experiences, and data platforms by design. You’ll cultivate a pragmatic, collaborative culture—working closely with Privacy Legal, Info Sec, Engineering, Product, Design, and other Compliance teams to deliver product-ready solutions to evolving privacy requirements.
** You will get to:
*** Design and continuously improve the enterprise privacy program with Privacy Legal (governance model, roles and responsibilities, policies, forums, steering committees).
* Build and maintain the privacy portfolio and roadmap (OKRs, maturity targets, mitigations, remediations) and report progress to senior leadership.
* Launch and scale AI-driven tools and workflows for product advisory support, analytics, PIAs/DPIAs/RoPA, DSARs, TCPA/DNC, and compliance monitoring.
* Establish enterprise privacy governance (steering committees, escalation paths, decision frameworks) and own internal policies, notices, standards, and operational playbooks.
* Create evidence-based compliance by maintaining retention libraries of decisions, risk evaluations, controls, approvals, exceptions, and proof supporting audit, regulatory, diligence, and litigation needs.
* Lead the privacy control framework across access/deletion/correction/opt-out marketing/communications rules (e.g., TCPA, CAN-SPAM), integrating with policy governance and exception management.
* Champion privacy by design/default in technical architectures (identity, consent, preferences, logging, data minimization) in close partnership with Engineering, Product, Design, Info Sec, and Compliance.
* Serve as an embedded privacy leader with product teams to interpret and operationalize evolving federal and state laws (e.g., CPRA, CDPA, UCPA, GLBA) and partner with Legal and Government Relations on horizon scanning and proactive strategies.

This role has been categorized as a Remote position. “Remote” employees do not have a permanent corporate office workplace and, instead, work from a physical location of their choice, which must be identified to the Company. U.S. employees may live in any of the 50 United States, with limited  California, Connecticut, Maryland, Massachusetts, New Jersey, New York, Washington state, and Washington DC the standard base pay range for this role is $ - $ annually.

This base pay range is specific to these locations and may not be applicable to other  Colorado, Hawaii, Illinois, Minnesota, Nevada, Ohio, Rhode Island, and Vermont the standard base pay range for this role is $ - $ annually. The base pay range is specific to these locations and may not be applicable to other  addition to a competitive base salary this position is also eligible for equity awards based on factors such as experience, performance and location.

Actual amounts will vary depending on experience, performance and location. Employees in this role will not be paid below the salary threshold for exempt employees in the state where they reside.## Who you are
* 10+ years in privacy, data protection, or related risk/compliance roles within tech-forward or online platform environments (e.g., marketplaces, SaaS, fintech, ad-tech, consumer apps).
* Deep knowledge of U.S. privacy laws (e.g., CCPA/CPRA, GLBA, TCPA, CAN-SPAM) and industry frameworks (e.g., NIST, ISO, PCI/NACHA); familiarity…