Chief Privacy Officer

Role Summary:

The Chief Privacy Officer (CPO) will lead the enterprise privacy program for Liberty Mutual, serving as a trusted global advisor on privacy risk, data use, and regulatory strategy. The CPO is responsible for developing and maintaining global privacy strategy, governance, and controls; ensuring compliance with applicable laws and regulations; and influencing decision-making across business units and regions to enable responsible innovation. This role requires demonstrated enterprise-level experience in shaping outcomes, balancing risk and innovation, scaling privacy operations, driving process excellence, leveraging data analytics for capacity and risk management, and engaging with executive leadership with credibility and authority.

This role reports to the Chief Compliance Officer and will lead a dedicated privacy team. The CPO will have regular interaction with the C-suite, Legal, Compliance, Risk, Information Security, IT, Actuarial, Talent, and Internal Audit, as well as business units across the enterprise. This role may also engage directly with regulators as needed.

Principal Responsibilities:

• Strategy and Governance: Develop and maintain an enterprise privacy strategy aligned with business objectives and regulatory requirements, driving alignment and adoption through partnership and influence across business and functional leaders. Establish governance structures, policies, standards and accountabilities.
• Regulatory Compliance Programs: Own and operate enterprise compliance programs for all applicable global and U.S. state privacy regulations, including CCPA and GDPR. Track, assess, and operationalize new and evolving privacy laws, ensuring timely updates to policies, procedures, and controls.
• Operating Model Design: Design and implement a scalable privacy operating model with defined roles, career pathways and decision rights.
• Program Management: Oversee the development and execution of privacy processes including data lifecycle management, Data Protection Impact Assessments (DPIAs), consent and preference management, data subject rights, third-party risk management, and incident response. Manage consumer rights and privacy request programs. Coordinate with Information Security and Legal on breach notification obligations in accordance with applicable regulatory requirements.
• Process Excellence: Lead with an improvement mindset and apply continuous improvement methodologies to optimize process efficiency, consistency and evidence collection for audit readiness and to maximize team and enterprise resources.
• Data Analytics and Capacity Planning: Develop and maintain analytics to forecast demand, plan capacity, track throughput and illustrate privacy risk to business leaders through dashboards and heat maps.
• Oversight and Audit Readiness: Standardize monitoring, testing and evidence artifacts; coordinate internal and external audit activities; track remediation and control effectiveness.
• Privacy-by-Design and Technology: Collaborate with IT and Cybersecurity to embed privacy-by-design principles and privacy-enhancing technologies; prioritize automation to reduce manual effort. Advise product and technology teams on privacy requirements at the design and development stages. Develop and maintain enterprise privacy notices and consent frameworks to ensure clarity, accuracy, and regulatory compliance.
• Leadership and Stakeholder Engagement: Lead a global privacy organization and provide strategic, forward-looking advice to senior leaders and business units, serving as a trusted go-to advisor on privacy risk, emerging regulatory trends, and responsible data use.
• Training and Enablement: Implement role-based training, establish issue intake and triage processes, and measure adoption and effectiveness.
• Responsible AI (RAI) Governance: Provide cross-functional privacy leadership in support of the enterprise’s Responsible AI governance framework. Partner with risk, data science, technology, legal, and compliance stakeholders to assess privacy risks in AI and automated decision-making and ensure that data use in AI systems is consistent with regulatory obligations, consumer expectations, and company values.