PRIVACY AUDIT MANAGER

JOB DESCRIPTION

The Manager, Privacy Audit leads the enterprise privacy audit function, overseeing a team of privacy auditors and analysts to ensure compliance with federal, state, and industry-specific privacy regulations. Responsible for developing and executing a comprehensive privacy audit strategy, identifying and mitigating privacy risks, and driving continuous improvement across business units. Collaborate cross-functionally with legal, compliance, technology, and business leaders to uphold the organization's commitment to data protection, ethics, and regulatory excellence. Demonstrate the company's core values of respect, honesty, Integrity, diversity, inclusion, and safety.

RESPONSIBILITIES

• Lead the planning, execution, and reporting of privacy audits across business units and functions
• Develop and maintain audit frameworks, methodologies, and tools aligned with regulatory requirements and industry best practices
• Interpret and apply privacy laws (e.g., CCPA, GDPR, HIPAA) to assess organizational compliance and risk exposure
• Collaborate with cross-functional teams to evaluate tracking technologies on web and mobile platforms, ensuring proper classification and regulatory compliance
• Review vendor privacy compliance assessments and ensure adherence to contractual obligations and service level agreements
• Collaborate with stakeholders to address audit findings, implement corrective actions, and monitor remediation efforts
• Provide strategic insights and recommendations to senior leadership on privacy risks and mitigation strategies
• Support the development and enhancement of privacy policies, procedures, and training programs
• Prepare and present audit reports to internal leadership and, when necessary, regulatory bodies
• Stay current with emerging privacy regulations, enforcement actions, and industry trends
• Support enterprise-wide privacy initiatives and special projects
• Ensure audit activities align with the company's ethics, compliance, and risk management frameworks
• Travel as needed
• Ability to work cooperatively in high paced and sometimes stressful environment
• Ability to manage conflict in a reasonable, nonconfrontational and cooperative manner
• Ability to act with honesty and integrity regarding customer and business information
• Ability to follow directions and seek assistance when necessary to resolve customer and business issues
• Provide support and assistance through direct interaction with minors, individuals with special needs, and/or older adults

• Bachelor's degree in a relevant field (e.g., Information Systems or Computer Science, Accounting or Finance, Business Administration or Management)
• 8+ years of experience in privacy, compliance, or internal audit roles Leadership or management experience desired.
• Demonstrated expertise audit practices within large, complex organizations
• Knowledge of privacy laws like CCPA and other state consumer privacy laws
• Understanding of audit methodologies - including planning, risk assessment, control evaluation and reporting
• Proven ability to assess risk, develop mitigation strategies, and influence cross-functional teams
• Strong analytical, organizational, and project management skills
• Excellent written and verbal communication skills, with experience presenting to senior leadership
• Experience evaluating and categorizing tracking technologies deployed through websites and apps
• Ability to manage multiple priorities in a fast-paced, dynamic environment
• Commitment to ethical conduct, confidentiality, and continuous improvement

• Advanced degree or certifications (e.g., CIPP, CIPM, CISA, CIA, CRISC)
• Experience in B2C environments such as retail, healthcare, financial services, or technology
• Experience evaluating and categorizing tracking technologies across web and mobile platforms to support privacy audits and compliance initiatives.
• Hands-on experience using privacy scanning tools or tag management systems to identify and assess third-party trackers.
• Demonstrated ability to collaborate with cross-functional teams to address tracking-related privacy risks.
• Experience working with AdTech, clean room technologies, or data governance platforms
• Knowledge of data lifecycle management and vendor risk assessment frameworks