Privacy Manager

Rent the Runway (RTR)  is transforming the way we get dressed by pioneering the world’s first Closet in the Cloud. Founded in 2009, RTR has disrupted the $2.4 trillion fashion industry by inspiring women with a more joyful, sustainable and financially-savvy way to feel their best every day. As the ultimate destination for circular fashion, the brand now offers infinite points of access to its shared closet via a fully customizable subscription to fashion, one-time rental or ownership. RTR offers designer apparel and accessories from hundreds of brand partners and has built in-house proprietary technology and a one-of-a-kind reverse logistics operation. Under CEO and Co-Founder Jennifer Hyman’s leadership, RTR has been named to CNBC’s “Disruptor 50” five times in ten years, and has been placed on Fast Company’s Most Innovative Companies list multiple times, while Hyman herself has been named to the “TIME 100” most influential people in the world and as one of People magazine’s “Women Changing the World.”

As a core function of the CISO Organization, the Privacy Manager owns and manages the operations of RTR’s privacy program. Working closely with the Senior Director of Information Security, you will be responsible for assessing, evaluating and raising the overall maturity of privacy processes and controls. You will be responsible for performing vendor due diligence processes and helping to lead and define overall third-party risk management efforts. You will perform periodic gap assessments to validate compliance on an ongoing basis. You will be expected to stay up-to-date and informed on developing regulatory concerns and changing privacy, regulatory and information security trends.

• →Lead the development, implementation, and maintenance of the organization’s privacy program.
• →Ensure compliance with privacy regulations such as GDPR, CCPA/CPRA, and other applicable data privacy laws, regulations, and industry best practices.
• →Conduct privacy risk assessments, Data Protection Impact Assessments (DPIAs), and audits of policies, processes, and standard operating procedures to identify and implement enhancements.
• →Strong understanding of privacy, data protection, and compliance requirements within cloud environments, including AWS, Azure, and Google Cloud Platform (GCP).
• →Manage incident response for data breaches and coordinate reporting to regulators when required.
• →Assist in data mapping, inventory, and classification initiatives.
• →Engage with business, technical, and legal stakeholders to conduct privacy-by-design reviews for product launches, integrations, and implementations.
• →Develop, update, and enforce privacy policies, procedures, and training programs while tracking regulatory developments and industry best practices to proactively enhance the organization’s privacy program.
• →Partner cross-functionally with engineering, product, legal, customer service, and other business teams, building an understanding and framework for scaling privacy compliance in their processes and operations. 
• →Lead privacy due diligence reviews and oversight of third-party vendors, including to verify compliance with security & privacy requirements.
• →Assist in delivering privacy training and awareness programs across the organization.
• →Report privacy metrics, risks, and incidents to senior management and executive leadership.

• 6+ years of experience in privacy or security governance, risk, or compliance functions.
• Passion for Privacy as a strategic approach, not a check-the-box exercise.
• Experience working in or with a technology organization in an intensive agile environment.
• Experience with GDPR, CCPA, or consumer/e-commerce experience preferred.
• A strong degree of comfort working alongside, engaging and communicating in a cross-functional environment, including IT, engineering, and business stakeholders.
• Excellent interpersonal, communication, and presentation skills, including report-writing experience.
• Understanding and belief that privacy management is never a “one size fits all”.
• An entrepreneurial spirit and bias towards action and thoughtful experimentation.