Lead Compliance Consultant

About Us:

 Target is an iconic brand, a Fortune 50 company and one of America’s leading retailers. 

To match the signature style and passion of Target’s distinctive retail brand, Target Legal Affairs is a dynamic and deeply knowledgeable team of experts. Whether specializing in law, government affairs, employee relations, risk, compliance, ethics, security or food safety, we use our expertise and influence to advocate for Target, support Target’s business and mitigate risk for the company. We work with both internal and external entities on key issues that affect Target’s ability to productively, ethically and securely conduct business. Through our understanding of Target’s business models and operations, we help facilitate Target’s growth, and provide guidance that leaders rely on to make appropriate, well-informed decisions. Simultaneously, we help protect the business by applying our comprehensive understanding of risk and the law on issues that impact our brand, guests, team members, stores, distribution centers and corporate locations. 

Here, you’ll enjoy working autonomously with a healthy work-life balance. Your passion for learning the business, collaborating with others and building relationships with senior leaders and key business partners that you support will be essential to tackling the ever-changing legal and risk-based challenges we face in a dynamic and fast-paced retail environment. 

Position Overview:

As a Lead Compliance Consultant at Target, you will lead monitoring execution for assigned high-risk privacy domains as part of Target’s Privacy, Compliance and Ethics program within the Privacy & Responsible AI function. This role is primarily focused on privacy monitoring and privacy controls assurance, including translating privacy obligations, regulatory expectations, internal policies, and risk priorities into testable controls, monitoring procedures, evidence requirements, metrics, dashboards, issue management processes, and executive-ready reporting.

The role also partners closely with the Responsible AI Observability function to evaluate and monitor privacy control implications arising from AI-enabled or data-driven use cases, including profiling, sensitive data use, transparency, consent, and automated decision-making-related privacy obligations. This role supports ongoing compliance monitoring and control assurance, distinct from business-owned control execution and Internal Audit. The successful candidate will contribute to the development and maturation of a repeatable privacy monitoring framework while owning end-to-end monitoring accountability across a defined portfolio of complex, high-regulatory-risk privacy domains.

Core Responsibilities:

• Own end-to-end monitoring execution across assigned privacy domains, which may include digital advertising and adtech compliance, mobile app privacy, health privacy (including MHMDA obligations), profiling and automated decision-making-related privacy obligations, data broker obligations, financial privacy (including GLBA-related obligations), and related privacy domains. Translate control objectives into specific testing procedures, evidence requirements, sampling approaches, and pass/fail criteria within the monitoring framework established by the function.
• Support defensible documentation of monitoring activities, findings, remediation plans, and closure evidence.
• Coordinate with relevant governance and technology functions on compliance findings — documenting remediation requirements, tracking corrective action to closure, and validating that remediation adequately addresses the identified control gap.
• Produce management reporting clearly communicating privacy control health, high-risk areas, issue trends, remediation status, overdue actions, systemic gaps, emerging risks, and decisions needed.
• Exercise independent challenge over control evidence, remediation sufficiency, and closure readiness, escalating unresolved or high-risk issues through established governance channels.
• Partner with the RAI Observability function to evaluate privacy control implications of AI-enabled and data-driven use cases within assigned privacy domains, including profiling, sensitive data use, transparency, consent, and automated decision-making-related privacy obligations.
• Facilitate cross-functional governance forums, working sessions, issue review meetings, dashboard reviews, and quarterly management updates.
• Act as a trusted advisor to business leaders by translating privacy risk, control gaps, monitoring results, and remediation needs into practical business language.
• Support continuous improvement and automation opportunities to enhance privacy monitoring maturity, dashboard reliability, operational efficiency, and control effectiveness.
• Engage with external privacy, compliance, digital advertising, and data governance networks to stay informed of emerging risks, regulatory expectations, standards, and best practices.
• Actively support the development of junior members of the team.
• Other duties as assigned.

Core responsibilities of this job are described within this job description.  Job duties may change at any time due to business needs.

Education & Certifications

• Four-year degree or equivalent combination of education and experience in fields such as Law, Computer Science, Data Science, Risk Management, Data Governance or related discipline.
• Professional certifications preferred: CIPP/US, CIPP/E, CIPM, CIPT, CISA, CRISC, CIA, CDPSE, or other relevant privacy, compliance, audit, risk, governance, or technology certifications.

Experience & Expertise

• 8–10 years of experience in compliance, , privacy, technology risk, GRC, data governance, or related control functions, including substantial experience designing or executing monitoring, testing, assurance, or control validation activities in privacy or data risk domains.
• Strong working knowledge of privacy compliance areas such as digital advertising privacy, interest-based advertising, privacy rights operations, sensitive data controls, third-party privacy risk, employee privacy, profiling, loyalty data, health privacy, biometric data, and financial privacy-related obligations.
• Working knowledge of digital advertising and adtech privacy concepts, including consent signals, cookies, tags, third-party data flows, and related control expectations.
• Strong understanding of effective control design, including preventive, detective, and corrective controls, and how to embed controls into business and technology-enabled operational processes.
• Experience translating legal, regulatory, policy, or business requirements into operational controls, monitoring procedures, evidence requirements, and issue management processes.
• Experience defining privacy, risk, compliance, or control effectiveness metrics, including KRIs, KPIs, SLA metrics, exception rates, issue aging, remediation completion rates, volume trends, repeat issue trends, and root-cause categories.
• Strong understanding of privacy and data protection frameworks and principles (e.g., NIST Privacy Framework, OECD Privacy Guidelines, GDPR accountability principles, APEC Privacy Framework, ISO/IEC 27701) and other relevant privacy, data governance, or compliance frameworks to design, evaluate, and mature privacy controls.
• Experience in leading cross-functional projects or workstreams at the intersection of compliance, technology, and business strategy. Ability to manage competing priorities and deliver results in a fast-paced and highly ambiguous environment.
• Working familiarity with data tools (e.g., SQL, Python, R) and visualization platforms (e.g., Tableau, Power BI, cloud dashboards).
• Experience applying privacy control expectations to technology-enabled data use cases while ensuring alignment with business objectives.

Skills & Attributes

• Strong analytical and critical thinking skills, with the ability to leverage both qualitative and quantitative data to identify risks, surface trends, and recommend improvement opportunities.
• Strong understanding of privacy control monitoring, compliance testing, assurance methodology, issue management, and risk-based prioritization.
• Ability to synthesize detailed control testing results, dashboard outputs, exception data, and stakeholder input into governance-level insights and management-ready reporting.
• Strong interpersonal and communication skills, with the ability to facilitate cross-functional discussions, manage conflict, build consensus, and influence without authority.
• Proven ability to work with discretion and sensitivity while handling confidential or high-risk information.
• Ability to operate independently, build structure in ambiguous environments, and create scalable frameworks, templates, processes, dashboards, and reporting routines.
• High attention to detail and strong documentation discipline, with the ability to create a defensible audit trail for monitoring procedures, findings, evidence, remediation actions, and retesting outcomes.
• Strong written and verbal communication skills, with the ability to simplify complex privacy, compliance, data, and technology topics for diverse audiences.
• Adaptability, curiosity, and a growth mindset to navigate the rapidly evolving privacy and regulatory landscape.