Associate Director – Privacy Technologies
Role Overview
The Associate Director will embed privacy principles into the design, development and deployment of Grant Thornton technologies and initiatives. Activities include identifying and mitigating privacy risks in built or bought technologies, directing the implementation of privacy controls into all technologies, as well as identifying, recommending and directing the development and implementation of technical safeguards, policy changes and relevant training.
This Privacy Team role sits in Global Risk and Compliance group in the Legal vertical and is led by the Chief Risk and Compliance Officer. The Associate Director reports to the Sr. Director of Privacy and partners closely with global business units, technology and data governance teams to identify and mitigate privacy and data risks generally and specifically associated with regulatory compliance, certifications held by the business (e.g. ISO) client obligations, and strategic initiatives (including AI, data migration, and advanced analytics). This role will also audit the implementation and performance of risk mitigation technologies for effectiveness.
Key Responsibilities
Define and execute standardised, global framework for required technology controls (configurations, governance) to mitigate privacy risks in built or bought technologies and novel data use cases, including AI.
Create or modify required policy‑based controls and provide training content for the Privacy team.
Identify privacy risks in Grant Thornton technologies and direct configuration of data platforms and tools to mitigate identified risks and support compliance with applicable privacy laws and obligations.
Optimise use of OneTrust, Microsoft Priva and other privacy‑enhancing tools.
Audit the implementation and performance of privacy risk mitigation technologies for effectiveness.
Direct appropriate teams to embed privacy‑by‑design controls (data minimisation, purpose controls, access limitations, audit and logging capabilities) into enterprise platforms (data lakes, data warehouses, analytics environments, AI/GenAI tools) and projects.
Identify and minimise privacy risks associated with artificial intelligence, machine learning and deep learning, and direct implementation of controls for safe deployment of AI.
Develop reporting dashboards and metrics for leadership.
Identify and implement efficiency improvements across workflows and systems.
Qualifications
Experience
Bachelor’s degree in computer science, data science or an equivalent field; Master’s degree preferred.
8–12+ years in privacy, data governance, data science or technology roles within a professional services or regulated environment.
Experience with Azure Foundry (and similar), RAG model, agent workflows, ML/GenAI models and LLM, and privacy‑enhancing technologies such as anonymisation, differential privacy and IAM.
Technical & Functional Expertise
Strong understanding of data ecosystems (data lakes, warehouses, analytics platforms), data discovery, classification and lineage tools.
Experience with privacy engineering and control implementation.
Familiarity with information security frameworks and responsible AI controls.
Regulatory & Risk Knowledge
Deep knowledge of technical and policy controls required to meet federal, state and global privacy laws (e.g., HIPAA, CCPA/CPRA, GDPR).
Experience with ISO 27001, 27701, 42001 implementation and audit.
Awareness of emerging AI governance and regulatory expectations.
Leadership & Professional Skills
Ability to translate legal/regulatory requirements into practical, scalable technical solutions.
Strong stakeholder management across a matrixed, global organisation.
Experience influencing leadership and driving cross‑functional initiatives.
Excellent communication skills.
Preferred Qualifications
Certifications: CIPP/E, CIPM, CIPT or equivalent.
Experience within a global professional services network (e.g., Big Four).
Familiarity with enterprise tools used in Grant Thornton environments such as data exchange platforms, analytics environments and compliance tools.
#J-18808-Ljbffr