Job Location : Buffalo,NY, USA
JOB SUMMARY
As a key member of the Global Information Security team, the Director of Risk & Compliance (Data Privacy and Regulatory Compliance) will lead global data privacy and compliance initiatives across Product & Technology. This strategic role involves embedding privacy-by-design and regulatory compliance into the design, development, and operation of technology systems and products. The Director will ensure data handling practices and information systems comply with regulations such as HIPAA, PCI, GDPR, and NYDFS, while maintaining audit standards like SOC 1 Type I and II through technical controls, risk management, and governance frameworks.
KEY RESPONSIBILITIES
Embed Privacy and Security: Collaborate with engineering and product teams to integrate privacy-by-design and security principles into system development lifecycles.
Translate Regulations: Convert complex regulatory requirements (e.g., HIPAA, PCI, GDPR, NYDFS) into actionable controls.
Ensure Audit Readiness: Oversee preparation for audits, including SOC 1 Type I and II, PCI, and NYDFS, ensuring controls support financial reporting and compliance.
Monitor Regulatory Changes: Keep abreast of evolving regulations, assess impacts, and advise stakeholders.
Cross-Functional Collaboration: Partner with Legal, Risk, and Compliance teams for consistent interpretation and implementation of requirements.
Ensure Compliance: Oversee adherence to laws, regulations, and standards through governance and controls.
Manage data protection impact assessments (DPIAs) and ensure proper handling of personal data.
Establish metrics and KPIs to measure privacy and compliance initiatives effectiveness.
Champion a Compliance Culture: Chair the Global Data Privacy Steering Committee and foster a culture of privacy, compliance, and audit readiness.
Advise on Data Protection: Serve as a subject matter expert on controls, regulatory readiness, and audits.
QUALIFICATIONS
Proven expertise in global data privacy and compliance, with knowledge of CCPA, HIPAA, PCI, GDPR, NYDFS, and SOC standards.
Ability to stay current with regulatory landscapes and privacy trends.
Experience leading teams, conducting audits, risk assessments, and managing privacy programs.
Strong understanding of technical controls, risk management, and security governance.
Experience working with cross-functional teams to operationalize compliance.
Excellent communication skills to translate complex requirements.
Strategic mindset to advise senior leadership.
Analytical skills to assess risks and implement solutions.
Bachelor's degree in a related field; advanced degrees or certifications preferred.
8-10 years of experience in privacy, compliance, or related technology fields, with at least 5 in leadership.
Certifications (preferred): CIPP/US or E, CISSP, CISA.
About Anywhere Real Estate Inc. ( Moving real estate forward with leading brands in over 118 countries.
At Anywhere, we value talent, growth, and a people-first culture. Learn more in our Impact Report.
Recognized as a Great Place to Work, Forbes World's Best Employers, and more, we are committed to diversity and inclusion. EOE including disability/veteran.
#J-18808-Ljbffr