Best Buy Director, Enterprise Privacy in Richfield, Minnesota
Director, Enterprise Privacy
Enterprise Risk/Information Security & Compliance
Store Number or Department:
Best Buy’s corporate purpose is to enrich lives through technology. And ensuring that we have in place a continuously evolving, robust privacy program is essential to delivering on this purpose while living our Guiding Behaviors. In the newly created role of Director, Enterprise Privacy you will report to the Head of Enterprise Privacy and, with the support and guidance of other executives across the company, you will have the opportunity and responsibility to help ensure that Best Buy meets its business objectives consistent with our purpose, Guiding Behaviors, and privacy promises.
This role requires a dynamic leader able to design and implement programs or enhance their maturity—your role is not merely to opine on what requirements are, but is instead to engage with stakeholders and lead the integration of requirements and best practices into the way we conduct our business, across the business, and oversee and manage risk. To be successful in this role requires that you have a thorough understanding of the legal, policy and business landscape today with a nimble ability to assess and incorporate tomorrow the changing state of the law, best practices, and technology. The role may manage a small team over time but you will excel at “leadership by influence” and leverage, direct, and apply resources across the company.
What will you do?
Depending upon your expertise and interests, you will have the opportunity either to influence or lead privacy and data ethics initiatives in four pillars:
Advertising & Ad Tech. Retail media is evolving rapidly and Best Buy is energized by the industry’s growth. Best Buy’s multi-channel digital advertising business is working to reshape our media portfolio to meet the increasingly sophisticated client needs and accelerate growth by delivering a unique value proposition to brands and agencies alike.
Artificial Intelligence & Machine Learning. As the opportunities to leverage these technologies continue to evolve and improve, we envision an ongoing maturing of corresponding privacy and data ethics capabilities in addition to responding to new legislative requirements.
Health & Wellness. In addition to our GreatCall consumer devices and care support, as a Business Associate, Best Buy Health uses tech-enabled human interactions to transform the home into a site of care on behalf of HIPAA Covered Entities and their customers.
Integrating New & Amended Comprehensive Privacy Laws. Best Buy has implemented a nearly fully automated platform to accept and respond to CCPA consumer rights requests by all Americans. We continue to evolve this platform and amend our privacy program through continuous improvement and to address new and updated privacy and security regulations.
In leading our approach to a particular pillar, your responsibilities will include
Developing Strategy : Based on your updated assessment of maturity, you will develop enterprise strategies for enhancing the pillar’s program and practices, meeting customer and employee privacy expectations and related federal and state legal requirements.
Leading implementation: You will operationalize programs and processes designed to implement requirements, best practices, and risk-management efforts.
Influencing change: You will interact with employees and workers at all levels of the company, continuing to reinforce the importance of privacy as recognized by our Code of Ethics . You also will have the ability to exert influence in the broader privacy community and society through working with our Government Affairs organization to influence legislation and rulemaking and participate, on Best Buy’s behalf, in various trade groups and industry or business community privacy initiatives.
As part of the Enterprise Privacy team, you also will:
Serve as subject matter expert and work closely with internal stakeholders to ensure compliance with applicable privacy laws and regulations.
Assist with the development and maintenance of privacy and related policies and standards.
Serve as a key stakeholder to new enterprise data governance initiatives.
Have significant input in newly required administrative processes under state laws such as data protection impact assessments, appeals processes, and many others yet to come.
Basic Requirements: (must meet or exceed to be considered a candidate)
5 or more years of experience in privacy, compliance, information security or similar discipline in a role that required identification and communication of risk.
3 or more years of direct or indirect (includes leadership by influence) people management and team leadership.
While we do not expect any one candidate to possess all these qualifications, we will view with favor one or more in combination.
Strong preference for hands-on experience leading or building risk-management programs concerning privacy, related disciplines, or other risk domains.
Experience and comfort in interacting with information technology and IT Professionals.
Experience applying privacy concepts and requirements to advertising and the ad tech ecosystem. Doing so in a retail or other first-party-data environment a particular plus.
Experience in HIPAA and health-information management issues.
Experience integrating privacy and date ethics considerations into Artificial Intelligence/Machine Learning implementations
Experience in cybersecurity and data-incident response.
Address Line 1:
7601 Penn Avenue South
Enterprise Risk and Compliance