Vice President, Data Privacy in MVW Corporate Headquarters at Marriott Vacations Worldwide

Date Posted: 11/20/2020

Job Snapshot

Job Description

Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.

**Relocation Assistance Provided

Job Title:  Vice President, Data Privacy

Position Summary

As a senior member of the professional staff, contributes expertise in a discipline (e.g. Accounting, Finance, Human Resources, Information Technology, Operations Planning & Support, Sales & Marketing) area to support function and/or discipline objectives.  Works with a high degree of independence, developing short-term goals for own department(s) and monitoring the flow of work between own department and others in alignment with broader business objectives, selecting and developing effective managers and work teams, and managing own organization through reliable systems and processes. Is a recognized authority in area of specialty, often serving as discipline interface with other areas.

Specific Job Summary

The VP, Data Privacy is responsible for establishing and maintaining a corporate-wide data privacy governance program to ensure that personal information is collected, handled, and protected responsibly to maintain trust in the Company and meet all regulatory and compliance requirements. The VP, Data Privacy serves as Chief Privacy Officer, reporting to the SVP, IT Strategy, Governance and Business Planning (the Office of the CIO) and will collaborate with executive management to implement a robust and efficient data privacy program.

The position requires a visionary leader who can balance data privacy requirements with business needs and realities. It requires a working knowledge of global data privacy rules and regulations. The ideal candidate is a thought leader, a consensus builder, and an integrator of people and processes across the enterprise who will also be viewed as a trusted advisor by peers across the organization.

You will be responsible for defining, building, and operating a comprehensive data privacy program that meets compliance and regulatory requirements and aligns with and supports the enterprise strategy. You will develop and proactively work with business units to implement practices that meet defined policies and standards for data privacy. You will serve as the process owner for privacy office activities, such as maintaining records of processing activities, developing and publishing privacy notices, fulfilling subject access requests, and assessing new systems and business processes for privacy compliance. This responsibility also includes the development and management of the enterprise strategic privacy roadmap, both short-term and long-term.

You will be charged with the responsibility for building an accountable, privacy-conscious culture built on high-quality standards and supported by effective operational procedures as well as regular status monitoring.

Expected Contributions

  • With a general planning horizon of 0 – 3 years, sets direction for area(s) of responsibility to achieve desired goals in alignment with function and/or discipline strategy.
  • Leveraging knowledge and experience in area of expertise:
    • identifies and implements improvements to business processes.
    • evaluates alternatives and makes judgements on a full range of business issues.
    • provides ongoing advice and guidance to the business concerning issues related to area of specialty.
  • Manages large and/or multiple departments, processes and/or projects that have a broader function and/or discipline impact. Generally, influences work of cross-functional or extended teams.
  • Makes department/multi-department resource decisions that have a financial impact as well as an impact on meeting discipline and/or business goals.
  • Works to enhance the organization’s capabilities through effective staffing and development of others by:
    • developing recruiting strategies based on evolving needs and profile of the business.
    • using appropriate MVW interviewing tools to hire the best managers available from inside or outside.
    • setting and maintaining high standards for team and individual performance.
    • providing timely coaching and feedback.
    • making and rewarding distinctions in performance.
  • Assists senior management in achieving business results by:
    • contributing to the development of long-term function and/or discipline strategy.
    • sharing relevant information to help others understand and support business objectives.
    • achieving results against budget within scope of responsibility. 
    • building relationships across the organization to align own technical area with broader organization direction and facilitate own function and discipline goals.
    • contributing on a regular basis to operating efficiencies by recommending new and creative business management techniques.
    • removing barriers to achieve greater performance.
  • Readily critiques own behavior to acknowledge mistakes and improve future leadership performance and acts independently to improve and increase skills and knowledge.
  • Performs other duties as appropriate.

Specific Expected Contributions

  • Develop, implement and monitor a strategic, comprehensive enterprise data privacy program that enables compliance with all relevant laws and regulations
  • Create and manage a unified and flexible privacy framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
  • Provide strategic privacy guidance for business projects, including the evaluation and recommendation of privacy controls
  • Identify and propose key data privacy program priorities, initiatives, plans and practices and tools
  • Partner with information security, legal, risk management, and other functions to provide strategic risk guidance
  • Provide regular reporting on the status of the data privacy program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program
  • Develop and deploy a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the privacy maturity of the company
  • Monitor the external regulatory environment for emerging data privacy requirements, analyze the impact to the company and advise relevant stakeholders on the appropriate courses of action
  • Maintain awareness of data privacy trends, new solutions and techniques and proactively look for opportunities to cost effectively maximize privacy capabilities through different approaches or uses of technology
  • Serve as subject matter expert on the privacy requirements relating to the evolving technology landscape, use of cookies, pixels, and other tracking tools, geolocation data, biometric data, health information, website interfaces, social media platforms, user-generated content, mobile aps, and messaging platforms
  • Develop, maintain and publish up-to-date data privacy policies, standards and guidelines. Oversee the approval, training and dissemination of same policies and practices
  • Manage the privacy office staff including appropriate training, leadership, and daily operational direction
  • Serve as chair and facilitator of enterprise data privacy committees
  • Ensure that the data privacy program is addressing relevant laws, regulations and policies to minimize or eliminate risk and audit findings
  • Work directly with the business units to facilitate privacy assessment and risk management processes, and work with stakeholders throughout the enterprise on minimizing data privacy related risks
  • Develop and manage data privacy project and operational budgets and monitor them for variances
  • Coordinate the use of external resources involved in contributing to the responsibilities of the data privacy office
  • Define and facilitate the data privacy risk assessment process, including the reporting and oversight of treatment efforts to address findings
  • Manage and enhance core privacy business processes including maintaining an enterprise record of processing activities (ROPA), fulfillment of data subject right requests (DSR), and completion of data protection impact assessments (DPIA)
  • Perform related duties and fulfill responsibilities as required

Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Typically, a senior position requiring significant knowledge and experience in one or more disciplines as well as associate and/or organizational management experience.  College degree required.  Advance degree or professional certification may also be required.

Specific Candidate Profile

  • Bachelor degree
  • Minimum 10 to 12 years of relevant experience in a combination of risk management, information security, and data privacy positions with at least 5 years in a significant leadership role(s) with an emphasis on data privacy specifically
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
  • Proven track record and experience in developing complex policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment
  • Must be a critical thinker with strong problem-solving skills
  • Deep understanding of the enterprise data privacy discipline, processes, concepts, and best practices
  • Demonstrated consultative and collaborative approach to driving change and deploying controls and driving strategic data privacy decisions
  • Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, CCPA, GLBA, RFPA, HIPAA, and FTC Act.
  • Project management skills; financial/budget management, scheduling and resource management
  • Knowledge of common information data privacy frameworks, such as ISO 27701, ISO 27001, ITIL, COBIT, NIST, SANS, OWASP
  • Comfortable multi-tasking and working in a fast-paced dynamic environment, maintain composure under pressure and have a high degree of perseverance
  • Well-organized and self-directed individual who is a team player that can work effectively with individuals that have diverse work styles and approaches
  • IAPP Certification preferred

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.