Director Cybersecurity, Data Privacy, & Compliance
About the role
Working at Breeze Airways is an exciting endeavor and a serious commitment to bring "The World's Nicest Airline" to life. We work cross-functionally with truly awesome Team Members to deliver on our mission: "To make the world of travel simple, affordable, and convenient. Improving our guests' travel experience using technology, ingenuity and kindness." Breeze is hiring. Join us!

The Director Cybersecurity, Data Privacy, & Compliance leads the enterprise cybersecurity, data privacy, and data governance programs while ensuring regulatory compliance across all operational and commercial functions of Breeze Airways. This role defines and executes the organization's information security strategy, establishes and matures the enterprise data privacy and governance framework, ensures compliance with applicable federal, state, and international privacy regulations (including CCPA/CPRA, state privacy laws, and GDPR where applicable), and oversees aviation-specific regulatory compliance obligations related to data and technology (including DOT, TSA, and FAA requirements). The Director also provides strategic oversight for responsible AI/ML governance as the organization adopts emerging technologies. This responsibility extends into all business units within the organization including airport systems, maintenance and engineering, inflight, aircraft, safety, commercial, back office, infrastructure, and cloud.

Here's what you'll do
Set the strategy for new technologies and information security products that will support information security requirements for the company and its customers, business partners, and vendors.
Establish the strategy to mitigate information security risks within the organization.
Collaborate closely with senior-level technology leaders to develop and plan the information security architecture strategy.
Lead ongoing threat and vulnerability assessments and substantive testing of information security controls.
Work closely with other teams, including network engineers, data engineers, software engineers, and business teams to achieve common goals.
Serve as the escalation point and information security expert for solution designs and technical consulting services.
Direct complex information security principles and requirements into business initiatives that securely drive innovation, improve customer experience, and control costs.
Oversee and perform technology security risk assessments.
Perform due diligence reviews and manage the remediation efforts of SOC 1/SOC 2 reports, penetration tests, and PCI audits.
Develop, implement, and maintain the enterprise data privacy program, including privacy policies, standards, and procedures aligned with applicable laws and regulations (CCPA/CPRA, state privacy laws, GDPR where applicable, and emerging federal privacy legislation).
Guide the Data Subject Access Request (DSAR) and individual rights management process.
Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, applications, vendor engagements, and business initiatives.
Champion privacy-by-design and privacy-by-default principles across technology, business partners and business projects.
Direct the organization's data breach notification and incident response process in coordination with Legal, Communications, and executive leadership, ensuring compliance with all applicable breach notification requirements.
Manage and deliver enterprise-wide privacy awareness training and education programs.
Evaluate and manage privacy risks associated with third-party vendors, business partners, and data processors through contractual controls and ongoing monitoring.
Establish and lead the enterprise data governance framework, including data ownership, data stewardship, and accountability models across business units.
Define, develop, and implement data security and governance standards including data classification, encryption, data loss prevention, data access governance for structured and unstructured data, and monitoring to prevent data-related security incidents.
In coordination with the data analytics team, refine data quality standards, and partner with business and technology teams to ensure data integrity across critical systems.
Develop and implement policies and frameworks for the responsible and ethical use of artificial intelligence and machine learning technologies across the organization.
Assess and manage risks related to AI/ML models, including data bias, algorithmic fairness, transparency, and explainability.
Ensure AI/ML initiatives comply with emerging regulatory requirements and industry best practices for responsible AI.
Collaborate with data science, business teams, and data and software engineering to embed governance controls into the AI/ML development lifecycle.
Ensure compliance with aviation-specific regulatory requirements related to data, technology, and cybersecurity, including DOT, TSA, and FAA mandates.
Monitor