Breeze is hiring - join us!
The Director Cybersecurity, Data Privacy, & Compliance leads the enterprise cybersecurity, data privacy, and data governance programs while ensuring regulatory compliance across all operational and commercial functions of Breeze Airways. This role defines and executes the organizations information security strategy, establishes and matures the enterprise data privacy and governance framework, ensures compliance with applicable federal, state, and international privacy regulations (including CCPA/CPRA, state privacy laws, and GDPR where applicable), and oversees aviation-specific regulatory compliance obligations related to data and technology (including DOT, TSA, and FAA requirements). The Director also provides strategic oversight for responsible AI/ML governance as the organization adopts emerging technologies. This responsibility extends into all business units within the organization, including airport systems, maintenance and engineering, inflight, aircraft, safety, commercial, back office, infrastructure, and cloud.
Responsibilities
Set the strategy for new technologies and information security products that will support information security requirements for the company and its customers, business partners, and vendors.
Establish the strategy to mitigate information security risks within the organization.
Collaborate closely with senior-level technology leaders to develop and plan the information security architecture strategy.
Lead ongoing threat and vulnerability assessments and substantive testing of information security controls.
Work closely with other teams, including network engineers, data engineers, software engineers, and business teams to achieve common goals.
Serve as the escalation point and information security expert for solution designs and technical consulting services.
Direct complex information security principles and requirements into business initiatives that securely drive innovation, improve customer experience, and control costs.
Oversee and perform technology security risk assessments.
Perform due diligence reviews and manage the remediation efforts of SOC 1/SOC 2 reports, penetration tests, and PCI audits.
Develop, implement, and maintain the enterprise data privacy program, including privacy policies, standards, and procedures aligned with applicable laws and regulations (CCPA/CPRA, state privacy laws, GDPR where applicable, and emerging federal privacy legislation).
Guide to the Data Subject Access Request (DSAR) and individual rights management process.
Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, applications, vendor engagements, and business initiatives.
Champion privacy-by-design and privacy-by-default principles across technology, business partners, and business projects.
Direct the organizations data breach notification and incident response process in coordination with Legal, Communications, and executive leadership, ensuring compliance with all applicable breach notification requirements.
Manage and deliver enterprise-wide privacy awareness training and education programs.
Evaluate and manage privacy risks associated with third-party vendors, business partners, and data processors through contractual controls and ongoing monitoring.
Establish and lead the enterprise data governance framework, including data ownership, data stewardship, and accountability models across business units.
Define, develop, and implement data security and governance standards, including data classification, encryption, data loss prevention, data access governance for structured and unstructured data, and monitoring to prevent data-related security incidents.
In coordination with the data analytics team, refine data quality standards, and partner with business and technology teams to ensure data integrity across critical systems.
Develop and implement policies and frameworks for the responsible and ethical use of artificial intelligence and machine learning technologies across the organization.
Assess and manage risks related to AI/ML models, including data bias, algorithmic fairness, transparency, and explainability.
Ensure AI/ML initiatives comply with emerging regulatory requirements and industry best practices for responsible AI.
Collaborate with data science, business teams, data and software engineering, to embed governance controls into the AI/ML development lifecycle.
Ensure compliance with aviation-specific regulatory requirements related to data, technology, and cybersecurity, including DOT, TSA, and FAA mandates.
Monitor and assess the impact of evolving federal, state, and international regulations on the organizations cybersecurity, privacy, and data governance posture.
Create, update, and improve upon key performance indicators gauging the companys level of compliance and provide reports to leadership.
Maintain strong oversight of third parties and business partners to safeguard against undue risk and ensure contractual and regulatory compliance.
Coordinate with Legal and other departments on regulatory examinations, audits, and inquiries related to cybersecurity, data privacy, and data governance.
Requirements
Minimum Qualifications:
Deep technical expertise in technology infrastructure, networking, cybersecurity, cloud computing, and enterprise systems architecture is a must.
Demonstrated knowledge of data privacy regulations (e.g., CCPA/CPRA, state privacy laws, GDPR) and experience building or managing a privacy compliance program is also required.
Preferred Qualifications
Skills/Talents
Perks of the Job