Columbia Sportswear Company Head of Global Privacy in Portland, Oregon

Head of Global Privacy

United States, Oregon, Portland


100004Z1 Requisition #

Jun 14, 2018 Post Date

The Head of GlobalPrivacy will lead the Company’s global data privacy function, including workingclosely with a team of data privacy liaisons and analysts. Qualified candidates must have considerableexperience and expertise in privacy law and policy, privacy program managementand industry best practices. Expertise in global data privacy requirements,including but not limited to EU requirements, is essential. The Head of Global Privacy will collaboratewith multiple stakeholders across the organization, including the Legal, IT,HR, Finance, Internal Audit, Procurement, Marketing, E-Commerce and Salesorganizations to develop, implement, monitor and continuously improve privacypractices on a global basis and in compliance with applicable law.


  • Develop andexecute overall global data privacy strategy and serve as the key privacyresource for the Company, in collaboration with our Legal team, EU Data PrivacyAdvisor, Director of Information Security and other stakeholders.
  • Design andcontinuously improve the global data privacy function, including processes forthe completion of personal information inventories, privacy impact assessments,creating and maintaining records of processing activities, and updating privacypolicies and procedures. Ensure ongoing monitoring, auditing, reporting andevaluation of the privacy function.
  • Develop andcontinuously improve vendor management procedures addressing data privacyrequirements to ensure appropriate assessment of vendors for compliance withCompany privacy requirements.
  • Support Legaland Procurement in drafting, reviewing and negotiating third party contracts toaddress privacy obligations.
  • Review and mapkey international flows of employee and consumer data and implement appropriatetransfer mechanisms.
  • Provideguidance and oversight to members of the Global Privacy Function; establish andoversee regional Data Privacy Liaison team.
  • Coordinatewith internal and external privacy counsel and other business stakeholders toensure existing and new products, services and processes comply with applicableprivacy requirements.
  • Coordinatewith internal and external privacy counsel to advise internal clients on arange of global privacy laws.
  • Develop globalprivacy training materials and other communications to increase employeeunderstanding and awareness of privacy issues and conduct initial and on-goingglobal privacy training.
  • Maintainknowledge of and monitor developments in global privacy requirements and bestpractices.
  • Manage privacycomplaints, breaches and investigations by privacy regulatory authorities, incollaboration with the Legal and HR teams.
  • Overseeresponse to consumer and employee information access and deletion requests, incollaboration with the Information Security team.
  • Work withLegal and Government Affairs teams to develop relationships with regulators andgovernment officials responsible for privacy and data security matters, as wellas relevant consumer organizations.
  • Work withInformation Security teams to review all system-related information securityplans to ensure alignment between security and privacy practices.
  • Develop andmanage the Global Privacy Function budget in collaboration with the VP ofLegal.


  • Bachelor degreerequired. J.D. or lAPP Certifications such as CIPP/US, CIPP/EU, CIPP/IT and/orCIPP/M a strong asset.
  • Minimum of 10years of experience in a role focused on data privacy compliance or othercomparable leadership roles in a global organization.
  • Demonstratedunderstanding of U.S. and International privacy laws, regulations and bestpractices, doing so in the context of consumer data is preferred.
  • Experience withinmultinational public company a plus.
  • In-depthknowledge and experience on building, leading and maintaining privacy programs.
  • Proven trackrecord of policy and process development, implementation and management.
  • Strong knowledgeand interest in emerging technologies and a strong understanding of informationsystems and related security requirements.
  • Comfortablerepresenting the organization for all privacy related matters.
  • Strong leadershipcapability, including the ability to secure buy-in for and participation incomplex global projects.
  • Ability tooperate in complex, evolving business, including a strong comfort level withand ability to effectively navigate within an environment of ambiguity andchange.
  • Strong interpersonal and relationship buildingskills, including the ability to effectively communicate messages upward anddownward in the organization and tailor communications and delivery style todifferent audiences to build alignment and establish consensus.
  • Working knowledge of IT functions, services andresponsibilities within a company with global business operations, includinggeneral knowledge of Information Systems at all layers of the typicalapplication.
  • Strong Word, Excel, PowerPoint, Visio andProject skills.
  • Demonstrable talents gathering and developingrequirements across diverse stakeholder communities, coupled with ability tomanage diverse and sometimes competing interests.
  • Working knowledge of IT Audit practices andframeworks and how to apply them pragmatically to an information systemsenvironment.
  • In particular, experience with SOX and/or PCICompliance practices will be helpful in this role.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

EEO/AA Employer/Vets/Disabled/Race/Ethnicity/Sex/Sexual Orientation/Gender Identity/Age