Director, Privacy Compliance (Remote, US)

Openly is rebuilding insurance from the ground up. We are re-envisioning and enhancing every aspect of the customer experience. Doing this requires a rapidly growing team of exceptional, curious, empathetic people with a wide range of skill sets, spanning technology, data science, product, marketing, sales, service, claims handling, finance, etc.

We created Openly because we saw an evident gap in the market for premium insurance made simple. Consumers deserve more complete coverage at competitive prices.

• The Price Difference: Using cutting-edge data and technology, we provide you with customizable, competitive prices to protect your most valuable assets.
• The Policy Difference: Coverages are truly customizable to meet your individual protection needs, for both standard coverages and optional add-ons.
• The Experience Difference: From tailored claims handling to highly responsive customer service, we are focused on making the home insurance purchasing process a better overall experience.

At Openly, our people are just as important as our product. For us, collaboration, communication, and work-life balance are more than nice-to-haves— they’re the must-haves that make us who we are. We believe a great company is the result of a shared set of values, so we look for these qualities in every candidate we hire. 

• Integrity
• Empathy
• Teamwork
• Curiosity
• Urgency

We've designed our hiring process with you, the candidate, in mind. At every step, you have the chance to present your strengths and learn more about what makes Openly a great place to work.

We embrace individuality and believe diverse teams are winning teams. Our commitment to inclusion across race, gender, age, religion, identity, and experience drives us forward every day.

The Privacy Program Director responsible for the oversight of the company’s privacy compliance program in alignment with applicable federal and state privacy laws, insurance regulations, and industry best practices. This role ensures that the company protects personal information entrusted by policyholders, employees, agents, and business partners, and that privacy risks are effectively managed throughout the organization’s operations.

This is a critical, high-impact leadership position focused on refining and maturing our enterprise-wide Data Privacy framework. The Privacy Director will drive cross-functional collaboration to continuously enhance policies and controls, mitigate regulatory and reputational risk, and embed a culture of responsible innovation throughout the company.

• →Oversee the privacy program and compliance framework, including policies, standards, and controls for applicable privacy laws
• →Provides advice and support on privacy-related implications, data-handling practices, and solution design.
• →Oversee privacy impact assessments (PIAs) and risk assessments for new products, systems, and vendors
• →Reviews, drafts, and maintains privacy notices, policies, procedures, consents
• →Oversee privacy training, promote privacy awareness culture, and serve as the privacy subject matter expert for leadership
• →Monitor statutes, regulations, case law, and other resources for changes and recommend program updates to ensure ongoing compliance with a focus on compliance with U.S. regulatory frameworks.
• →Provides guidance in support of cybersecurity incident investigation and response
• →Oversee consumer rights request processes (access, correction, deletion, opt-out) and ensure timely, compliant handling
• →Review and provide advice relative to data privacy terms in vendor contracts and business associate agreements
• →Independently manage multiple privacy initiatives under tight timelines with changing priorities and limited resources
• →Perform all other tasks and activities assigned from time to time

• Bachelor’s degree in Law, Business, Information Management, or related field; JD or Master’s preferred
• 7+ years of experience in privacy, data protection, compliance, or related regulatory roles, including at least 4 years working directly on privacy/data protection initiatives, preferably in the insurance services sector
• Experience implementing or managing privacy programs under frameworks such as CCPA/CPRA, GLBA, or ISO/IEC 27701
• In-depth understanding of U.S. privacy and data protection laws and regulations and impact in the insurance or financial services industry
• Understanding of technologies used to protect sensitive data and monitor compliance
• Proficiency in privacy program governance, risk assessments, and third-party oversight tools
• Excellent organization and project management skills, with the ability to influence and collaborate effectively with people at all levels of the company
• Attention to detail and documentation discipline
• Strategic thinking with hands-on execution capability
• Extremely comfortable operating with ambiguity and addressing complex business questions
• Strong communication skills, both written and oral
• Strong analytical and research skills

• CDPSE, CIPP/US, CISA, CIPM, or CISM certification