Principal Compliance and Privacy Advisor

Duke University's Office of Audit, Risk & Compliance (OARC) is seeking a Principal Advisor for Institutional Compliance and Privacy to help guide and strengthen Duke's enterprisewide privacy and compliance programs. In this highly visible role, you'll partner with leaders across the university and health system to address complex privacy, data protection, and regulatory challenges in a dynamic academic and research environment.

You'll play a key role in advancing privacy governance, evaluating risk, and delivering independent advisory services that support Duke's mission. From privacy assessments and vendor reviews to research protocol evaluations and regulatory analysis, your work will directly influence how Duke manages data responsibly, ethically, and in compliance with evolving laws.

• Bachelor's degree in business, economics, management information systems, or a related field
• At least 4 years of experience in compliance, privacy risk management, or related operational roles
• Experience planning and executing projects or advisory engagements
• Strong analytical, critical thinking, and relationshipmanagement skills

• Advanced degree in public policy, information governance, privacy, or law
• Professional certification in privacy, data protection, compliance, or project management
• Experience in higher education, health systems, research, or professional services
• Demonstrated ability to communicate complex risks clearly to leadership

• Ability to advise on privacybydesign, data minimization, data retention, and lawful processing
• Experience reviewing thirdparty/vendor data processing agreements and privacy terms
• Ability to interpret and assess compliance with FERPA, U.S. state privacy laws, and international regulations (e.g., GDPR)
• Strong documentation and reportwriting skills

• Execute privacy program operations, including privacy inbox triage, datasubject rights requests, privacy assessments, and records of processing activities
• Advise stakeholders on privacy governance and data protection practices
• Conduct privacy and compliance reviews of thirdparty vendors and service providers
• Review IRB research protocols to identify and mitigate privacy risks
• Perform privacy and compliance program assessments based on OARC's strategic plan
• Evaluate governance, internal controls, and risk mitigation strategies across Duke
• Analyze compliance with applicable privacy and data protection regulations
• Prepare clear workpapers, reports, and executive summaries for leadership
• Perform independent advisory and compliance assurance engagements
• Collaborate with OARC colleagues and university partners to achieve effective outcomes

OARC is a trusted partner across Duke University and Duke Health, providing independent insight that helps leaders manage risk, strengthen controls, and meet complex regulatory obligations. As a Principal Advisor, you'll gain broad exposure to university operations while contributing meaningful, highimpact work in privacy and compliance.

Duke offers a collaborative culture, opportunities for professional growth, and a competitive benefits package designed to support your health, career, and longterm success:https://hr.duke.edu/benefits/

Anticipated Pay Range: Duke University provides an annual base salary range for this position as USD $68,970.00 to USD $127,008.00. Duke University considers factors such as (but not limited to) scope and responsibilities of the position; candidate's work experience, education/training, and key skills; internal peer equity; as well as market and organizational considerations when extending an offer.