Associate Director – Privacy Technologies
Role Overview
The Associate Director will embed privacy principles into the design, development and deployment of Grant Thornton technologies and initiatives. Activities include identifying and mitigating privacy risks in built or bought technologies, directing the implementation of privacy controls into all technologies, as well as identifying, recommending and directing the development and implementation of technical safeguards, policy changes and relevant training.
This Privacy Team role sits in the Global Risk and Compliance group in the Legal vertical and is led by the Chief Risk and Compliance Officer. The Associate Director reports to the Sr. Director of Privacy and partners closely with global business units, technology and data governance teams to identify and mitigate privacy and data risks generally and specifically associated with regulatory compliance, certifications held by the business (e.g. ISO), client obligations, and strategic initiatives (including AI, data migration, and advanced analytics). This role will also audit the implementation and performance of risk mitigation technologies for effectiveness.
Key Responsibilities
Privacy Technology Strategy & Global Enablement
- Define and execute a standardised, global framework for required technology controls (configurations, governance) designed to mitigate privacy risks in built or bought technologies or contemplated by novel data use cases, including AI uses.
- Create or modify required policy-based controls and assist in providing training content for the Privacy team.
- Identify privacy risks in GT technologies, and articulate and direct configuration of data platforms and tools to mitigate identified risks and support compliance with applicable privacy laws and other obligations.
- Optimisation of OneTrust, Microsoft Priva and other tools.
- Audit implementation and performance of privacy risk mitigation technologies for effectiveness.
- Direct appropriate teams to enable privacy-by-design controls (data minimisation, purpose controls, access limitations, audit and logging capabilities) in enterprise platforms (e.g., data lakes, data warehouses, analytics environments, AI/GenAI tools) and projects.
- Identify and minimise privacy risks involved when using artificial intelligence, machine learning and deep learning. Direct implementation of controls for safe deployment of AI.
- Develop reporting dashboards and metrics for leadership.
- Identify and implement efficiency improvements across workflows and systems.
Qualifications
Experience
- Bachelor’s degree in computer science, data science or equivalent experience required. Master’s degree preferred.
- 8–12+ years in privacy, data governance, data science or technology roles within a professional services or regulated environment.
- Azure Foundry (and similar), RAG model, agent workflows.
- ML/GenAI models and LLMs.
- Privacy enhancing technologies implementation (anonymisation, differential privacy, IAM).
Technical & Functional Expertise
- Strong understanding of:
  - Data ecosystems (data lakes, warehouses, analytics platforms)
  - Data discovery, classification, and lineage tools
  - Privacy engineering and control implementation
  - Information security frameworks
- Familiarity with responsible AI controls and emerging technologies.
Regulatory & Risk Knowledge
- Deep understanding of the technical and policy controls needed to meet the requirements of federal, state and global privacy laws (e.g., HIPAA, CCPA/CPRA, GDPR).
- Experience with ISO 27001, 27701, 42001 implementation and audit.
- Awareness of emerging AI governance and regulatory expectations.
Leadership & Professional Skills
- Ability to translate legal/regulatory requirements into practical, scalable technical solutions.
- Strong stakeholder management across a matrixed, global organisation.
- Experience influencing leadership and driving cross-functional initiatives.
- Strong communication skills.
Preferred Qualifications
- Certifications: CIPP/E, CIPM, CIPT or equivalent
- Experience within a global professional services network (e.g., Big Four or similar)
- Familiarity with enterprise tools and platforms commonly used in GT environments (e.g., data exchange platforms, analytics environments, compliance tools)