Director, Data Privacy and Compliance

Department
 

F&A ITS - Services

About the Department
 

The University of Chicago is an institution of innovation, research, and global impact. Our commitment to intellectual freedom and academic rigor is at the core of everything we do, and our privacy and data governance practices are critical to supporting this mission. We are seeking a visionary and collaborative leader to serve as the University’s Director of Data Privacy and Compliance and help shape the future of privacy and data governance at one of the world’s leading research universities.

Job Summary
 

As the University’s Director of Data Privacy and Compliance, you will play a pivotal role in shaping and driving the Institution’s privacy strategy. This high-impact role reports to the Chief Information Officer (CIO) and works closely with University leadership, including the Provost’s Office and faculty, to ensure that our data privacy and governance practices align with legal, ethical, and mission-driven standards and comply with all applicable laws and regulations. This is an exciting opportunity to build the University’s privacy and data governance program from the ground up, applying your expertise in compliance, research, and data ethics. The Director will be the senior resource for all matters of privacy, working at the intersection of law, technology, and innovation to proactively address the evolving landscape of data privacy in higher education and research.

Responsibilities

• Designs, implements, and oversees a comprehensive, institution-wide privacy program that ensures compliance with federal, state, and international privacy regulations.
• Collaborates with University leadership to address emerging privacy issues and build future-proof policies that support growth in areas such as bioinformatics and data science.
• Advises senior University leadership on privacy matters, keeping them informed about emerging issues, regulatory changes, and industry trends that could impact the institution.
• Develops, updates, and manages privacy policies to meet the needs of administrative and sensitive research data.
• Navigates the ethical, legal, and technological challenges of data privacy with faculty, researchers, and University offices, fostering innovation in research and administration.
• Oversees cross-functional data governance initiatives to align privacy and data security efforts, manages data inventories, and enforces privacy controls across the University, overseeing the entire data lifecycle.
• Ensures compliance with applicable laws and regulations, including HIPAA, FERPA, and GDPR; develops training programs, audits vendors, and responds to privacy incidents in collaboration with the information security team.
• Serves as a liaison with the University of Chicago Medical Center, coordinating shared data privacy efforts, especially in areas involving HIPAA.
• Builds a culture of privacy awareness through training and communication across the University.
• Conducts regular privacy impact assessments and audits to identify and mitigate risks.
• Manages the investigation and resolution of privacy incidents, developing strategies to prevent future issues.
• Oversees privacy-related aspects of contracts with third-party vendors to ensure compliance with data protection standards.
• Works closely with IT and academic units to integrate privacy principles into new systems and processes, embedding privacy considerations into research initiatives, system architecture, and data collection practices from the outset.
• Benchmark the University’s privacy and data governance program against peer institutions and industry best practices, ensuring continuous improvement.
• Leads and provides expertise in the implementation of compliance activities designated by the University's strategic plans. Monitors University compliance with regulations and laws.
• Leads teams to develop and administer policies related to affirmative action, non-discriminatory practices for persons with disabilities, and unlawful harassment or sexual misconduct.
• Performs other related work as needed.

Minimum Qualifications
 

Education:

Minimum requirements include a college or university degree in related field.

---
Work Experience:

Minimum requirements include knowledge and skills developed through 7+ years of work experience in a related job discipline.

---
Certifications:

---

Preferred Qualifications

Education:

• JD or Master’s degree in a relevant field.

Experience:

• Proven expertise in privacy, compliance, or related areas, preferably within a large research university or similar organization.
• Proven track record in building or leading a privacy program.
• Background in academic research environments or academic medical centers.
• Familiarity with privacy concerns related to bioinformatics, data science, and AI.

Certifications:

• Certified Information Privacy Professional (CIPP) certification highly desirable.

Technical Skills or Knowledge:

• Expertise in privacy regulations, including HIPAA, FERPA, and GDPR.

Preferred Competencies

• Leadership and vision for cross-functional team management.
• Solution-oriented mindset with strong problem-solving skills.
• Strong interpersonal and consensus-building skills.
• Analytical ability for privacy and compliance risk assessments.

Working Conditions

• Standard office environment.
• Occasional travel for conferences, training, or vendor audits.

Application Documents

• Resume/CV (required)
• Cover Letter (required)

When applying, the document(s) MUST be uploaded via the My Experience page, in the section titled Application Documents of the application.

Job Family
 

Legal & Regulatory Affairs

Role Impact
 

Individual Contributor

FLSA Status
 

Exempt

Pay Frequency
 

Monthly

Scheduled Weekly Hours
 

37.5

Benefits Eligible
 

Yes

Drug Test Required
 

No

Health Screen Required
 

No

Motor Vehicle Record Inquiry Required
 

No

Posting Statement
 

The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender, gender identity, national or ethnic origin, age, status as an individual with a disability, military or veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.

 

Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via Applicant Inquiry Form.

 

We seek a diverse pool of applicants who wish to join an academic community that places the highest value on rigorous inquiry and encourages a diversity of perspectives, experiences, groups of individuals, and ideas to inform and stimulate intellectual challenge, engagement, and exchange.

 

All offers of employment are contingent upon a background check that includes a review of conviction history.  A conviction does not automatically preclude University employment.  Rather, the University considers conviction information on a case-by-case basis and assesses the nature of the offense, the circumstances surrounding it, the proximity in time of the conviction, and its relevance to the position.

 

The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: http://securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.