The Data Privacy Manager’s responsibilities include overseeing Arhaus' comprehensive privacy framework and enabling Arhaus to manage risk and proactively provide solutions on data privacy matters. This role is responsible for the day-to-day operation of Arhaus' privacy program, including response to inquiries and identified issues. The successful applicant will partner cross-functionally with stakeholders in corporate business units, the marketing organization, information technology, HR, and the security, compliance, internal audit, and legal teams to drive awareness of, and compliance with, privacy requirements.
· Write, revise, and communicate internal privacy and data governance policies, standards, and procedures and support compliance.
· Create content and lead training and education efforts on privacy and data security policies in coordination with the legal team.
· Put into effect privacy policies and controls and oversee ongoing compliance.
· Support compliance with state, federal, and international data privacy laws (e.g. GDPR, CCPA), regulations, and self-regulatory regimes, including enforceable commitments made in external-facing privacy statements.
· Develop and administer any regional or country-level privacy policies and standards and facilitate the continuous improvement of policies and standard operating procedures for the protection and security of private and confidential information.
· Report the personal data processing activities conducted by the businesses and participate in new product, initiative, or function due diligence risk management processes to ensure they address data protection and privacy issues.
· Serve as privacy lead in a variety of enterprise and key growth initiatives, including e-commerce, digital marketing, brand initiatives, retail, and commercial priorities.
· Review and complete customer forms and questionnaires and data impact protection assessments.
· Work closely with the legal and IT security teams to support data incident response efforts.
· Provide privacy-related guidance and support for the company, including providing guidance to partner-facing teams and answering inquiries.
· Develop workforce educational activities addressing access, use, and disclosure of private and confidential information and generally build a privacy-aware culture.
· Design and conduct audits of current practices, analyze results, draft and deliver reports on audit results, provide recommendations for process and policy improvements, and provide project management for the implementation of the recommendations, including use of third-party tools or platforms.
· Respond to incidents and conduct privacy risk/impact assessments.
· Possess deep experience with, and act as a subject matter expert in, data privacy laws and regulations, including GDPR, CCPA, COPPA, FERPA, and SOPPA.
· Drive Arhaus’ strategy and practice with respect to collection, retention, reporting, and sharing of personal data in all systems, and third-party authentication protocols.
• Bachelor’s Degree required; advanced Degree in law (JD Degree), data privacy, and/or security strongly preferred.
• 5+ years’ experience in Privacy, Enterprise Risk Management, Compliance, or Security.
• 7+ years of experience with program management, consulting, or similar experience.
• Familiarity with security frameworks such as NIST (National Institute of Standards and Technology) preferred.
• Strong business acumen and experience with data-driven influencing and decision making.
• Comfort in technical project environments and ability to up-level to a business leadership audience.
• Outstanding organizational, communication, and interpersonal skills.
• Strong leadership presence and communication skills, and able to influence at all organization levels.
• Highly motivated with an ability to manage open-ended challenges.
• Knowledge of e-commerce and/or digital marketing solutions preferred.