The inaugural Director of Privacy will lead the development, coordination, and administration of the university's privacy initiatives, ensuring compliance with applicable federal and state privacy laws and regulations, including but not limited to the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley Act (GLBA), as well as emerging state, federal, and international data protection requirements. This role will involve maintaining a comprehensive data privacy governance inventory, including policies, standards, procedures, and internal controls.
The Director will report to the Vice President for Audit, Risk, and Compliance and Chief Risk Officer and will work collaboratively to promote a culture of ethical data stewardship and shared responsibility for privacy across the institution. The Director of Privacy will work closely with various departments, including Information Technology, Legal Counsel, Procurement, and Research Compliance to ensure that privacy requirements and best practices are fully integrated into the organization’s efforts to protect and secure personal information.
The Director will conduct periodic risk assessments to identify potential areas of vulnerability and risk, and will act as a subject matter expert and advisor on privacy issues for the university community. This role will participate in the development, implementation, and ongoing compliance monitoring of business customers, partners, vendors, and other third parties, and the relevant agreements, to ensure all data privacy concerns, requirements, and responsibilities are addressed. This role may be asked to represent the university as needed in external privacy-related matters, agreements, or contracts.
The Director will also manage privacy-related investigations and complaints, as well as collaborate closely with information security and compliance teams to evaluate whether security incidents potentially involve personal or sensitive data, and provide guidance on the appropriate investigation and remediation of such incidents.
Key Responsibilities:
• Privacy Program: Develop and execute a university-wide privacy strategy aligned with institutional priorities. Ensure institutional compliance with applicable federal, state, and international privacy and data protection laws. Monitor regulatory developments and proactively update institutional policies and practices. Ensure privacy forms, policies, standards, and procedures are up-to-date.
• Ethics and Integrity: Foster a culture of ethical data stewardship across the university. Develop and implement initiatives to promote ethical behavior and decision-making.
• Collaboration: Cultivate relationships with peers and subject matter experts to facilitate anticipatory evaluation of new regulations, enforcement focus, or other compliance initiatives. Work collaboratively with various departments, including Information Technology, Legal Counsel, Procurement, and Research Compliance, to ensure a consistent and balanced approach.
• Risk Management: Coordinate privacy risk assessments and the development of action plans to address identified risks through consultative interaction with university partners. Initiate and monitor corrective action and process improvement as needed in conjunction with IT and other security stakeholders. Identify and develop initiatives to address and resolve areas of compliance concerns or emerging risks.
• Policy and Governance: Assist in the development of university-wide policies and procedures to ensure compliance with applicable privacy laws, regulations, and best practices. Review and evaluate existing policies and recommend improvements.
• Training and Education: Develop and deliver training programs to educate university employees on data privacy standards. Promote awareness of data stewardship and shared responsibility.
• Incident Management: Manage and oversee privacy-related investigations and complaints, and their resolution, in collaboration with other compliance leaders, team members, and legal counsel, as appropriate.
• Third-Party Contract Review: Review and advise on vendor contracts, data sharing agreements, and third-party risk from a privacy perspective, in coordination with IT, Legal Counsel, and Procurement.
• Reporting: Gather, organize, analyze, and report on privacy-related issues and recommendations that are complex in nature.