Director, Privacy Operations and Governance (Hybrid - Seattle)

As a Director of Privacy Operations and Governance within Nordstrom's Governance, Risk, and Compliance (GRC) team, you will lead the design, implementation, and execution of Nordstrom's Privacy and Governance programs. You will ensure compliance with U.S. privacy regulations, manage cybersecurity governance risks, and embed best practices across the enterprise to enhance Nordstrom's security posture and protect customer data.

In this role, you will act as the operational engine behind privacy and governance initiatives, partnering closely with Legal, HR, Marketing, Finance, and other business units. You will work across departments and functional lines on a variety of programs that range in scope, risk, and complexity.

Are you a strategic leader who is passionate about building robust governance and privacy programs? Do you think about ways to operationalize complex privacy regulations into business-friendly practices? Do you want to shape governance culture and influence executive decision-making on customer trust and data stewardship? Join our team and be part of a company that is on the cutting edge of retail technology geared at getting consumers the products they love in a safe and secure environment.

A day in life...

• Lead the design, implementation, and management of enterprise-wide privacy and governance operations
• Build and scale privacy operations processes including Privacy Impact Assessments (PIA), data subject rights workflows, and privacy-by-design reviews
• Develop governance frameworks defining roles, responsibilities, and accountability structures for data privacy risk
• Own lifecycle management of privacy and cybersecurity policies: creation, review, approval, and updates
• Ensure compliance with U.S. privacy laws (CCPA/CPRA, Colorado CPA, Virginia VCDPA, Connecticut, Utah, and emerging state laws)
• Establish a comprehensive governance model to measure and track the maturation of the overall cybersecurity program on a regular basis
• Create governance reporting mechanisms and executive dashboards for program maturity and risk posture
• Lead incident response for privacy breaches, including investigation, documentation, and regulatory reporting
• Define KPIs and KRIs for privacy and cybersecurity governance programs with regular leadership reporting
• Conduct maturity assessments and gap analyses to identify improvement opportunities
• Develop and deploy privacy and governance training programs with role-based curricula
• Oversee vendor privacy risk assessments and ensure appropriate contractual terms (DPAs, BAAs)
• Implement data classification schemes, ownership models, and lifecycle management processes
• Serve as operational privacy and governance expert across departments, partnering with Legal and Cybersecurity to ensure program alignment
• Develop and manage a roadmap informed by governance insights to prioritize initiatives and allocate resources effectively
• Build relationships with business leaders as a trusted advisor on privacy and governance matters

You own this if you have...

• Bachelor's degree; JD, MBA, or relevant advanced degree preferred or equivalent experience
• 10+ years in privacy, data protection, governance, compliance, or risk management, with 8+ years in leadership roles
• Experience building governance frameworks in complex, multi-functional organizations
• Strong knowledge of U.S. privacy regulatory landscape and practical operationalization experience
• Expertise in governance frameworks, policy management, and program execution
• Deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
• Knowledge of how privacy and regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
• Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
• Highly collaborative skillsets and can build and leverage relationships with internal and external stakeholders
• Proven ability to lead cross-functional teams and enterprise initiatives
• Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, including executive leadership

Preferred Qualifications:

• CIPP/US, CIPM, CGEIT, CRISC, or CISM certifications preferred
• Proficiency with GRC tools and technologies such as Onspring or Archer GRC platforms
• Experience with privacy program automation

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away

• Life Insurance and Disability

• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. 

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.