"Alerted.org

Chief Privacy Officer and Assistant Vice President

Required Qualifications** **(as evidenced by an attached resume):

Juris Doctor (or foreign equivalent) from an accredited law school and an active bar admission in at least one U.S. state. Seven (7) years of full-time progressive privacy and data protection experience. Hands-on experience managing and interacting with federal & state compliance regulators and international privacy laws. Must have, keep and maintain the appropriate valid NYS Driver’s License; have a motor vehicle record which is free from major violations or a pattern of repeat violations. **(***Out-of-State Applicants, see "Special Notes”).**

Preferred Qualifications:

Ten (10) years of full-time progressive privacy and data protection experience. Professional privacy certification (CIPP, CIPM, CIPT, or equivalent). Experience in managing privacy requirements as a service provider to various regulated entities, such as higher education, healthcare entities (e.g., HIPAA-regulated entities), banking (e.g., GLBA-regulated entities), etc. International privacy experience. Knowledge of data governance frameworks and master data management (MDM) practices. Experience with privacy tools and platforms (e.g., OneTrust, TrustArc, BigID). Familiarity with privacy-enhancing technologies (PETs) such as data anonymization, pseudonymization, and tokenization.

Brief Description of Duties:

The Chief Privacy Officer (CPO) and Assistant Vice President will lead the development, implementation, and oversight of a comprehensive privacy program that supports Stony Brook University’s academic, research, clinical, and administrative functions. Reporting to the Vice President for Enterprise Risk Management, the CPO and AVP provides strategic leadership across the university’s ecosystem and ensures compliance with federal, state, and international privacy laws, institutional policies, and sponsor requirements. Acting as a trusted advisor, this executive will collaborate closely with stakeholders in ERM, legal, IT security, academic affairs, research administration, and clinical operations to strengthen the university’s privacy framework. We are seeking a visionary and ethical leader who combines deep expertise in global privacy laws, information security, and data operations with exceptional leadership acumen. The ideal candidate will have a proven ability to build and develop high-performing teams, foster a culture of compliance and accountability, and inspire confidence across all levels of the organization. The CPO and AVP will partner with Stony Brook Medicine privacy leaders on HIPAA compliance and privacy initiatives to ensure coordination and consistency across institutional privacy practices. With strong strategic thinking and sound business judgment, they will translate complex regulatory requirements into actionable enterprise solutions, leveraging advanced privacy management tools to drive measurable results. A persuasive communicator and trusted advisor, the CPO and AVP will demonstrate urgency, integrity, and an unwavering commitment to advancing the mission, vision, and values of Stony Brook University while enabling innovation, mitigating risk, and maintaining stakeholder trust. The selected candidate should also have a proven track record of building and/or implementing enterprise-wide privacy programs.

+ **Strategic Leadership & Governance:**

+ Develop and execute the organization's privacy vision, strategy, and roadmap.

+ Partner with executive leadership to integrate privacy considerations into business strategy.

+ Identify and recommend privacy management tools.

+ Serve as the organization's primary privacy subject matter expert to regulators and stakeholders.

+ Establish privacy governance frameworks and accountability structures.

+ Build, lead and mentor a team of privacy professionals.

+ Stay current with technological advances that impact privacy practices, including assessing privacy implications of AI, machine learning, and other emerging technologies.

+ Develop privacy-by-design principles for technology implementations.

+ Champion enterprise-wide privacy governance by aligning policies and decision-making with institutional strategy.

+ Advise executive leadership on emerging privacy risks, regulatory trends, and ethical considerations to ensure accountability and transparency.

+ **Compliance, Risk Mitigation and Incident Response:**

+ Guide and oversee compliance with data privacy protection laws and standards. Oversee the privacy compliance program across all jurisdictions (GDPR, PIPL, CCPA, etc.).

+ Conduct comprehensive privacy risk assessments and implement mitigation strategies.

+ Identify and mitigate privacy risks across the institution and assess new projects, systems, and initiatives to identify and mitigate privacy risks prior to implementation.

+ Embed privacy protections into systems and processes.

+ Monitor evolving privacy laws and regulations, assessing and adjusting policies and processes to address organizational impact.

+ Collaborate with the Chief Information Security Officer (CISO) and the Information Security Planning Council to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations.

+ Direct privacy incident investigations and breach response in collaboration with cross-functional stakeholders.

+ Consult on investigation, containment, mitigation, and notification processes for privacy incidents and data breaches.

+ Manage relationships with regulatory authorities during investigations or inquiries.

+ Collaborate with and support appropriate stakeholders to review contractual agreements, clauses, etc. as they relate to privacy regulations and considerations.

+ Collaborate with SBM privacy and compliance teams to ensure alignment of university-wide privacy initiatives with HIPAA-related privacy practices and requirements.

+ **Cross-Functional Collaboration & Education:**

+ Establish and maintain institutional privacy policies, standards, and practices aligned with legal requirements and university values.

+ Work closely with Information Security, General Counsel's Office, Data Governance Council, and other internal functions.

+ Develop educational programs on privacy best practices, data handling, and compliance for faculty, staff, and students.

+ Deliver a comprehensive training and awareness program that educates the community and cultivates a culture of privacy.

+ Provide privacy guidance for new services, and initiatives.

+ Lead and/or serve as subject matter expert with privacy due diligence.

+ Develop and manage procedures for vetting and auditing vendors and third parties on privacy compliance requirements.

+ Serve as a trusted privacy advisor across the university collaborating with stakeholders to integrate privacy considerations into initiatives, programs and technology implementations while delivering targeted education and guidance that advances compliance, innovation and the institutional mission.

+ **Other duties or projects as assigned as appropriate to rank and departmental mission.**

Special Notes:

This is a Management Confidential position. This is a full-time appointment. FLSA Exempt position, not eligible for the overtime provisions of the FLSA. Minimum salary threshold must be met to maintain FLSA exemption.

**Essential Position:** This has been designated as an essential position based on the duties of the job and the functions performed. Positions that are designated as such may be required to report to work/remain at work even if classes are canceled, and the campus is working on limited operations in an emergency.

Evening and weekend work will be required at times.

***Out-of-State Applicants: Please note as a condition of employment and in order for this position to be tendered, the successful incumbent will be required to provide evidence of a valid license and driving abstract from the state issuing the license within five business days of a conditional offer and must obtain a NYS driver's license within 30 days of start date.

For this position, we are unable to sponsor candidates for work visas.

Resume/CV and cover letter should be included with the online application.

_Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws._

If you need a disability-related accommodation, please call the university Office of Equity and Access (OEA) at (631) 632-6280 or visit OEA (https://www.stonybrook.edu/commcms/oea/) .

_In accordance with the Title II Crime Awareness and Security Act_ a _copy of our crime statistics can be viewed_ here (https://www.stonybrook.edu/police/) _._

Visit our WHY WORK HERE (https://www.stonybrook.edu/jobs/working-here/) page to learn about the **total rewards** we offer.

The starting salary range (or hiring range) to be offered for this position is noted below, it represents SBU’s good faith and reasonable estimate of the range of possible compensation at the time of posting.

**Job Number:** 2503887

**Official Job Title:** : Assistant Vice President

**Job Field** : Administrative & Professional (non-Clinical)

**Primary Location** : US-NY-Stony Brook

**Department/Hiring Area:** : Division of Enterprise Risk Management

**Schedule** : Full-time

**Shift** : Day Shift **Shift Hours:** : 8:30 a.m. - 5:00 p.m. :

**Posting Start Date** : Oct 23, 2025

**Posting End Date** : Nov 6, 2025, 11:59:00 PM

**Salary:** : Commensurate with experience.

**Appointment Type:** : Regular

**Salary Grade:** : MP3

**SBU Area:** : Stony Brook University

**Req ID:** 2503887