Job Information
Nordstrom Senior Privacy & Cybersecurity Governance Analyst (Hybrid - Seattle) in Seattle, Washington
Job Description
Join Nordstrom's Technology team as a Senior Privacy & Cybersecurity Governance Analyst, where you'll play a pivotal role in leading strategic privacy and security governance initiatives across the enterprise. You will be a subject matter expert and trusted advisor to leadership, building comprehensive governance programs that protect customer data, reduce risk, and ensure our organization remains audit-ready across complex regulatory landscapes.
In this role, you will lead domain-specific privacy and cybersecurity governance activities, driving compliance efforts, contributing to policy development, and mentoring junior team members. You will have authority to implement process improvements within your specialized domain and make domain-specific recommendations to senior staff for enterprise-wide changes. You will coordinate across multiple stakeholders to ensure comprehensive privacy and security input while developing integrated frameworks that support business objectives.
Are you a strategic thinker with deep expertise in privacy and cybersecurity governance? Do you have a passion for building scalable programs that protect customers and enable business growth? Do you think about ways to integrate privacy-by-design and security-by-design principles into everything we do? Join our team and be part of a company that is on the cutting edge of retail technology, committed to getting consumers the products they love in a safe, secure, and privacy-respecting environment.
A Day in the Life...
Privacy Subject Matter Expertise
Serve as primary contact and subject matter expert for domain-specific data privacy activities or those within a specific privacy-related area of expertise (e.g., artificial intelligence, consumer credit, marketing)
Identify emerging privacy threats and trends and advise on strategic initiatives to enhance data protection across the organization
Evaluate and enhance privacy-related risk assessment processes, including identifying and anticipating changes in relevant industry and/or regulatory frameworks
Implement process improvements within their specialized privacy domain, developing standardized approaches and best practices for recurring data privacy assessment scenarios
Educate stakeholders on data privacy requirements and changes through training sessions, workshops, and consultation to improve organizational privacy awareness and readiness
Analyze legal and regulatory developments in privacy and assess their business impact, ensuring the organization stays ahead of evolving compliance requirements
Participate in investigations and remediation of privacy incidents or breaches, supporting incident response coordination and documentation
Integrated Privacy & Security Strategy
Coordinate operational activities across multiple stakeholders including Legal, IT, Security, and Marketing to ensure comprehensive privacy and security input and effective data governance strategies, including owning initiative scoping, workplans, and milestone tracking end-to-end
Identify and develop advanced risk management frameworks that integrate privacy and security considerations for holistic risk assessment and treatment
Lead the build-out and operationalization of the Third-Party Risk Management (TPRM) program, including vendor assessment frameworks, risk tiering, intake workflows, and ongoing monitoring
Evaluate and enhance privacy and security risk assessment processes, identifying and anticipating changes in relevant industry and regulatory frameworks
Implement process improvements within specialized domains, developing standardized approaches and best practices for recurring assessment scenarios
Develop integrated privacy and security metrics and reporting, creating dashboards and analytics that provide actionable insights to management and support strategic decision-making
Represent the privacy and security governance team in cross-functional governance forums, building relationships and serving as a trusted advisor across the enterprise
Data Governance
Maintain and mature the personal information (PI) inventory, ensuring data maps and records of processing activities (ROPAs) are accurate and sufficient to support DSR fulfillment and privacy compliance obligations
Support data classification efforts for personal and sensitive data in partnership with IT and data teams, ensuring privacy requirements are reflected in classification taxonomies and handling standards
Contribute to data minimization and retention reviews, advising on privacy obligations and regulatory requirements that should inform lifecycle decisions owned by data and legal teams
Support the evaluation of data governance tooling (e.g., Collibra, BigID, OneTrust Data Mapping) where it intersects with privacy use cases such as data discovery, PI identification, and automated inventory management
Mentorship & Team Development
Mentor junior analysts by providing guidance on assessment techniques, regulatory interpretation, and organizational privacy and security practices
Share expertise and best practices to build organizational capability in privacy and cybersecurity governance
Support the development of team members through coaching on complex privacy and security scenarios
You Own This If You Have...
Required Qualifications
Experience:
5-7 years of experience in privacy, information security, legal, or compliance roles
Demonstrated leadership in privacy or security program/project delivery with proven ability to drive initiatives to completion
Practical experience operationalizing privacy regulations and security frameworks in business environments
Experience coordinating across multiple stakeholders to achieve comprehensive privacy and security outcomes
Hands-on experience building or maturing a third-party risk management (TPRM) function, including vendor assessment, risk tiering, and ongoing monitoring
Education:
Bachelor's or Master's degree in Information Technology, Computer Science, Engineering, Information Security, or related field, or equivalent work experience
Certifications:
IAPP certifications preferred (CIPP/US, CIPM, CIPT, or similar)
Advanced security certification required (CISSP, CISM, CISA, or equivalent)
Technical Knowledge:
Deep understanding of privacy regulations including U.S. privacy laws (CCPA/CPRA and emerging state privacy laws) and their practical application
In-depth knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls, SOC 2, PCI DSS) and regulatory environments
Strong understanding of security controls, risk assessment methodologies, and compliance frameworks
Expertise in control design, implementation, and effectiveness assessment across multiple security domains
Demonstrated experience with project management tools (e.g., Jira, Confluence, Smartsheet, or similar) to manage initiative tracking, documentation, and cross-functional collaboration
Skills:
Strong communication, leadership, and influence skills with ability to build relationships across all organizational levels
Effective communicator who can translate complex technical and regulatory requirements into actionable business guidance
Expert attention to detail, quality, and consistency in program delivery and documentation
Excellent technical writing and stakeholder communication abilities, including presentation skills
Proven ability to lead cross-functional initiatives and collaborate across enterprise teams to achieve shared objectives
Strong bias for results and the ability to operate with autonomy to address bottlenecks, provide escalation management, and encourage behavior to maximize business benefit
Preferred Qualifications
Advanced Certifications:
Multiple IAPP certifications (CIPP, CIPM, CIPT)
Multiple security certifications (CISSP, CISM, CISA)
Governance certifications such as CGEIT or CRISC valued
Additional Experience:
Experience with integrated privacy and security control implementations across multiple domains
Background in developing risk assessment methodologies and frameworks
Experience with GRC, privacy, and vendor management platforms (e.g., OneTrust, ServiceNow GRC, Onspring) to optimize program delivery
Knowledge of privacy automation and data governance technologies
Experience with security architecture governance and design principles
Background in third-party security risk assessment programs
We’ve got you covered…
Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs (https://careers.nordstrom.com/#/contact-us/faq) for relevant information and guidelines.
© 2022 Nordstrom, Inc
Current Nordstrom employees: To apply, log in to Workday, click the Careers button and then click Find Jobs.
Nordstrom keeps job postings open for at least one day after the posting date.
Pay Range Details
The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.
$142,000.00 - $220,500.00 Annual
This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf
About Us
We’re a fast-moving fashion company that started as a shoe store in 1901. This heritage of service is the foundation we’re building on as we provide convenience and true connection for our customers. We empower our people to be innovative, creative and focused on providing the best service to our customers. Through it all, we remain committed to leaving the world better than we found it.
Whether you’re a genius engineer, a phenomenal salesperson or a supply chain pro, we invite you to bring your unique talents and join our team. We reward great work, promote from within and celebrate diversity.
CUSTOMER OBSESSED
We strive to know our customers better than anyone else. We listen, anticipate, build trust and move with speed to deliver on their needs.
OWNERS AT HEART
We treat every interaction as an opportunity to make an impact and deliver excellence.
CURIOUS AND EVER CHANGING
We approach problems with curiosity and create solutions. We unlock potential to be bold, think big and inspire innovation.
HERE TO WIN
We’re committed to delivering results, both today and tomorrow. We win as a team by supporting and challenging one another to be better every day.
WE EXTEND OURSELVES
We treat each other with respect and kindness. We do the small things that make a big difference. We create a welcoming environment, helping people feel connected, valued and part of one community.
Come on! Join us!