Director of Information Governance
Description:
Realty Income aims to be a globally recognized leader in the S&P 100, committed to creating long-term value for all stakeholders. These stakeholders include our dedicated team members, who embody our purpose: building enduring relationships and brighter financial futures. This guiding principle serves as a beacon for our team, influencing every action we take.
Our employees consistently invest their time, commitment, and dedication into the company, and in turn, they receive investment returns in the form of purpose, belonging, and opportunities for advancement.
We are committed to best-in-class corporate responsibility practices through environmental initiatives, governance programs, and community outreach projects. From the boardroom to the breakroom, our team members make a difference every day.
Realty Income is looking to hire a Director of Information Governance, who will be a strategic leader responsible for developing an Information Governance program. The Director will be overseeing key areas including, Data privacy, Records Retention, Business Continuity Sensitive Information Handling, Data Loss prevention and global data compliance. This role will be required to engage with team members and stakeholders across various areas of the business to foster a collaborative and productive work environment. The Director will be responsible for driving innovative solutions that build effective programs aligned to organizational goals.
ESSENTIAL JOB FUNCTIONS (Duties, Responsibilities, Activities):
Data Privacy and Compliance
Create and uphold an Information Governance program that meets GDPR (UK/EU), CCPA/CPRA, other data privacy laws, and organizational standards.
Monitor regulatory changes within the operating geographical regions to ensure the program remains aligned to all applicable laws and regulations, including entry into new jurisdictions.
Perform Privacy Impact Assessments to identify and mitigate privacy risks associated with new projects, systems, processes and third parties.
Handle privacy rights requests from individuals regarding their personal data, in accordance with GDPR, CCPA/CPRA, and all other relevant regulations.
Promote a culture of compliance and awareness across the organization through the development of training and awareness programs.
Establish and maintain procedures for responding to regulatory requirements related to data breaches or privacy incidents.
Assess the data privacy programs, compliance and practices of third-party vendors and service providers to ensure that data processing agreements are in place and that vendors comply and align with the organization’s privacy requirements.
Regularly report to senior and executive leaders, including the board of directors, on the Information Governance program's status and maturity.
Ensure the program is aligned to the NIST Cybersecurity framework and maturity scores are maintained within the defined thresholds.
Records Retention Management
Create and maintain records retention program based on legal, regulatory, and business requirements.
Categorize records into appropriate classes to ensure they are managed according to their retention schedules and organizational policies.
Regularly audit and review records management practices to ensure compliance with retention schedules and policies.
Implement procedures for the secure and compliant disposal of records, both physical and electronic, that have reached the end of their retention period.
Regularly review and update records management practices to incorporate new technologies, regulatory changes, and best practices.
Technology Resilience
Partner with company leadership and department heads to maintain comprehensive business continuity plans that outline procedures for maintaining operations during and after disruption.
Conduct risk assessments to identify potential threats and vulnerabilities that could impact business operations and business strategy.
Maintain detailed documentation of BCP plans, risk assessments, test results, and incident responses. Prepare reports for senior management and regulatory authorities as needed.
Data Classification and Data Management Standards
Conduct a comprehensive inventory of all data assets within the organization to include data flow diagrams documenting where data is stored, how it is used, and who is accessing the data.
Regularly monitor and audit data classification practices to ensure compliance with policies.
Work closely with IT, Information Security, HR, and the Legal and Compliance teams to ensure that data classification standards are integrated into overall data management practices.
What you need to be successful:
We expect the person in this role to have a Bachelor’s degree from 4-year College or University or equivalent experience.
We expect a minimum 6 years of experience in a similar role building enterprise-wide data management and privacy programs.
Certificates, licenses, or registrations:
Privacy related certifications preferred; CDPSE, CIPP, CIPM
Information Governance related certifications preferred; CHEIT, IGP, CIP, DGCP
Project Management Certifications preferred; PMP, CSM, PMI-ACP, SAFe
What You’ll get in Return:
Competitive Salary including potential for bonus and stock awards.
Best-in-class Benefit Package
Collaborative, team-oriented environment
Opportunities for Continuing Professional Development
Additional information can be obtained from the corporate website at
This is a hybrid role, with Tuesday, Wednesday and Thursdays required in-office.
The pay range for this role is $103,818 - $142,437 - $200,576
Offers near the high end are uncommon but may be considered for candidates with exceptional experience and skills and are dependent on the facts and circumstances of each case. You may be eligible for an annual discretionary bonus and an annual discretionary stock award, to be discussed during the interview process. An annual pay rate and total compensation package is generally determined by the candidate's experience, knowledge, education, skills, performance, and abilities, as well as internal equity, company performance, and alignment with market data.
Most US based full-time and part-time roles come with flexible schedules. We offer a best-in-class benefits package that includes healthcare, dental, and vision insurance for employees and eligible dependents. Our 401(k)-retirement plan has a company match of 50% up to 6% of eligible compensation. Realty Income also offers other wellness, financial, and work/lifestyle-specific benefits, along with 12 PTO hours every month; in addition to 12 paid holidays, and paid volunteer time. Realty Income’s purpose is to build enduring relationships and brighter financial futures, and this starts with you!