• Director of Privacy

    CoStar Realty Information, Inc. (Arlington, VA)


    Director of Privacy

    Job Description

    Director, Privacy - Costar Group

    OVERVIEW

    The Director, Privacy will provide CoStar with operational expertise related to data privacy and protection and work closely with CoStar legal stakeholders to lead the global privacy program. This is a hands-on role that offers the opportunity to contribute meaningfully to a growing global privacy program, while being supported by senior leadership. The successful candidate will assist in the day-to-day execution of core privacy operations and compliance initiatives to help mitigate risk, protect data assets and information, and drive privacy compliance across the organization. This individual will be responsible for developing program functions such as data subject rights, privacy reviews, cookie compliance, and third-party risk management, while coordinating with cross-functional partners and vendors to ensure implementation. The Director, Privacy will bring strong working knowledge of U.S. privacy laws, GDPR and emerging laws, ensuring CoStar is compliant with all applicable international, federal and state privacy and data protection laws and regulations. This individual will be responsible for ensuring customer and employee data is being collected, shared and used in appropriate ways, as well as playing a role in safeguarding company proprietary data.

     

    The Director, Privacy will perform key risk management activities and is responsible for providing sound compliance advice to all aspects of the business as a subject matter expert. This individual will be expected to be an effective partner across the organization to create solutions that align with the company’s business goals without compromising data protection and information security standards. The Director, Privacy will be part of the Legal Department and will work within the broader enterprise compliance and risk management team. This individual will support governance across CoStar’s global brands and products. The role is ideal for someone who is a proactive self-starter and strategic and practical thinker, who has a thirst for knowledge and continued growth, all while working as part of a great legal team.

    RESPONSIBILITIES

    + Support all aspects of CoStar’s global privacy compliance and risk management program, including developing strategy, monitoring the regulatory landscape, maintaining relevant policies, notices and disclosures, and overseeing privacy operations, risk and controls monitoring, and privacy training and awareness.

    + Play a key role in CoStar’s cross functional data protection forum that meets regularly to review privacy and data protection priorities and drive awareness and accountability across the organization.

    + Manage the day-to-day functioning of CoStar’s global privacy program compliance platform (OneTrust) to support core programs including data subject access rights (DSAR), privacy by design (PIAs, DPIAs, LIAs and TIAs), and records of processing activity (ROPA) management.

    + Analyze business initiatives, products, and processes to ensure they comply with applicable laws and regulations; practice sound judgement to effectively assess and balance risk in the provision of compliance advice to the business.

    + Create organizational awareness by partnering with the company’s internal training organization to develop and roll out on-going training across CoStar Group related to data privacy and CoStar’s expectations and standards, including identification, processing, and handling of sensitive data.

    + Work closely with the technology, accounting, and business risk management teams to identify, assess, advise on, and mitigate privacy risks, as well as implement controls and processes.

    + Develop, enhance, and implement privacy and data protection policies, procedures, guidelines, and related training.

    + Provide the primary point of contact for business partner privacy compliance related inquiries and collaborate across teams to ensure the global privacy support operations processes are fulfilled and operating smoothly.

    + Perform privacy program reporting upon request, creating reports to inform senior leadership, internal and external stakeholders, and risk owners.

    + Maintain expert knowledge of applicable privacy and data protection law and regulations, keeping up and advising the business on current developments.

    BASIC QUALIFICATIONS

    + 5 years of experience in a comparable role at an international firm, with a focus on privacy, data protection, technology or regulatory compliance.

    + Working knowledge of key global privacy frameworks and emerging laws, including GDPR, UK DPA, EU AI Act and U.S. federal and state privacy laws (e.g., CCPA/CPRA), and ability to analyze these complex laws and regulations and translate them into practical guidance for cross-functional teams.

    + Familiarity with privacy compliance tools and workflows, such as DSAR response processes, privacy impact assessments (PIAs), and records of processing activities (ROPAs); experience with platforms like OneTrust preferred.

    + Project management experience or certification a plus.

    + Global privacy or compliance program management experience a plus.

    + Strong interpersonal skills and experience in working cross-functionally with a variety of teams, with lawyers and non-lawyers, including software engineering teams, sales teams, and product teams.

    + Detail oriented, well organized and technically-adept.

    + High degree of professional ethics and integrity.

    + Strong computer skills – MS Office (Excel, Word, PowerPoint).

    PREFERRED QUALIFICATIONS AND SKILLS

    + One or more of the following certifications – Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP), Certified Risk Professional (CRP), Certified Regulatory Compliance Manager (CRCM), Program Management Professional (PMP) or AI Governance Professional (AIGP).

    + Excellent judgement, analytical and communication skills.

    + Passion and expertise in data privacy with a proactive, practical, solutions driven approach to risk mitigation.

    + Expertise and knowledge of digital and/or e-commerce marketplaces or online information businesses.

    + Experience with international growth and implementing local jurisdiction-based compliance programs.

    + Ability to manage multiple projects while maintaining and driving strong results.

    + J.D. and admission to practice law in at least one U.S. jurisdiction (or UK qualification) a plus.

     

    What’s in it for you?  

     

    When you join CoStar Group, you will experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed. We offer generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with training and tuition reimbursement.

    Other highlights of our benefits package include:

    + Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug .

    + Life, legal, and supplementary insurance.

    + Virtual and in person mental health counseling services for individuals and family.

    + Commuter and parking benefits.

    + 401(K) retirement plan with matching contributions.

    + Employee stock purchase plan.

    + 11 holidays and 3 weeks of vacation per year.

    + On-site fitness center.

    + Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups.

    + Snacks and caffeine.

     

    We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position.

     

    CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

     

    CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

     

    CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world’s real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives.

     

    We have been living and breathing the world of real estate information and online marketplaces for over 37 years, giving us the perspective to create truly unique and valuable products and services. We’ve continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry and for our customers. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate.

     

    CoStar is committed to creating a diverse environment and is proud to be an equal opportunity workplace and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. CoStar is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

     

    If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access www.costargroup.com/careers as a result of your disability. You can request reasonable accommodations by calling 1-855-840-1715 or by sending an email to [email protected] .