Privacy Auditor

JOB DESCRIPTION

The Privacy Auditor supports the organization's ethics and compliance functions by evaluating privacy-related practices and ensuring adherence to federal, state, and industry-specific regulations. This role involves conducting audits, interpreting privacy laws, identifying noncompliance risks, and recommending corrective actions. This position also assists the Privacy Operations Team in tracking internal financial metrics of privacy related projects across the business. The Privacy Auditor also contributes to privacy training, policy development, and vendor compliance oversight, while embodying the company's core values of respect, honesty, integrity, diversity, inclusion, and safety.

RESPONSIBILITIES

• Conduct audits of privacy programs and practices across business units.
• Analyze audit results to identify noncompliance and initiate corrective actions.
• Maintain communication regarding audit findings and risks. Draft preliminary audit reports and assist with presentations to management.
• Interpret federal, state, and other applicable privacy laws to assess business impact.
• Evaluate vendor compliance with privacy standards and service level agreements.
• Respond to privacy-related inquiries and develop operational solutions.
• Prepare required reports and correspondence to regulatory bodies.
• Recommend and implement process improvements based on audit insights.
• Lead or support special projects related to privacy compliance.
• Stay current with industry trends through approved training and conferences.
• Must be able to perform the essential job functions of this position with or without reasonable accommodation

• Bachelor's Degree in relevant field or 6+ years of privacy-related experience internal or external of Kroger
• Regulatory knowledge, data governance, and auditing expertise.
• Strong understanding of privacy regulations and enforcement actions
• Ability to assess risk and recommend mitigation strategies.
• Excellent communication and stakeholder engagement skills.
• Familiarity with data lifecycle management and vendor risk assessments.
• Experience conducting audits, writing reports, and managing corrective action plans
• Ability to handle multiple projects and respond to changing business priorities
• Strong follow-up, accountability, and attention to detail

• Recognized privacy certification (e.g., CIPP, CIPM, CISA, CRISC) (Highly Recommended)
• Compliance or Risk Management roles, especially in regulated industries like healthcare, finance, or retail.
• Internal or External Auditing, with a focus on IT systems, data governance, or regulatory compliance.
• Legal or Regulatory Affairs, particularly with exposure to privacy laws like GDPR, HIPAA, CCPA, etc.