Data Privacy Principal Information Security Engineer

Job Posting:

Since 1953, Ferguson has been a source of quality supplies for a variety of industries. Together We Build Better infrastructure, better homes and better businesses. We exist to make our customers’ complex projects simple, successful, and sustainable. We proactively solve problems, adapt and grow to continuously serve our customers, communities and each other. Ferguson, a Fortune 500 company, is proud to provide best-in-class products, service and capabilities across the following industries: Commercial/Mechanical, Facilities Supply, Fire and Fabrication, HVAC, Industrial, Residential Trade, Residential Building and Remodel, Waterworks and Residential Digital Commerce. Ferguson has approximately 36,000 associates across 1,700 locations. Ferguson is a community of proud associates who operate with the shared purpose of building something meaningful. You will build a career that you are proud of, at a company you can believe in.

The Data Privacy Principal Information Security Engineer is a senior technical role responsible for implementing, operating, and continuously improving Ferguson’s enterprise data privacy program, with a solid focus on CCPA/CPRA and other U.S. state privacy laws. This role serves as the technical link between legal/regulatory requirements and practical execution—ensuring privacy-by-design principles are built into enterprise systems, applications, and data flows.

This position supports the planning, design, implementation, and ongoing maintenance of IT Governance, Risk & Compliance (GRC) activities that enable the data privacy program. The engineer will focus primarily on U.S. privacy regulations and will be expected to demonstrate deep knowledge of data protection principles, privacy frameworks, and federal and state-specific regulations, including CCPA and other state privacy laws. Responsibilities include driving compliance, performing risk and readiness assessments, and supporting privacy operations to protect sensitive data and strengthen customer and team member trust.

• 5+ years of experience in IT data security, data governance, or data compliance.
• Significant experience assessing, implementing, and validating controls in regulated data environments (e.g., financial data, payment data, customer PII).
• 3+ years of experience working with compliance and privacy frameworks (e.g., CCPA, CPRA, GDPR, PCI DSS, SOC 2, or similar).
• Hands-on experience with data privacy platforms (e.g., Securiti, BigID, OneTrust, or equivalent).
• Good background in data flow mapping, risk assessments, evidence collection, and control validation.
• Familiarity with data protection techniques such as tokenization, encryption, retention policies, and data minimization.
• Experience collaborating across compliance, audit, and technology teams to resolve findings, close gaps, and reduce risk.
• Bachelor’s degree or higher in Computer Science, Information Systems, Cybersecurity, or related field.
• Data Privacy Certifications (CIPP/US, CIPM, or CIPT) preferred.
• Security/compliance certifications (CISA, CISSP, CCSK, or equivalent) desirable.

• Own and optimize Ferguson’s Data Privacy Platform for DSAR workflows, preference center, opt-out signals, cookie/GPC compliance, and enterprise integrations.
• Partner with Legal and Compliance to translate regulatory requirements into clear, actionable technical controls and architecture patterns.
• Conduct risk and readiness assessments using structured, audit-style methodologies to measure control effectiveness and compliance maturity.
• Identify compliance gaps and provide clear technical guidance and recommendations for remediation.
• Support enterprise compliance reporting through metrics, dashboards, and audit-ready documentation.
• Educate IT and business teams on privacy-by-design principles and compliant data handling practices, including data lifecycle and access management.
• Monitor and help ensure ongoing compliance with U.S. data privacy regulations, including but not limited to CCPA and other state-specific laws.
• Draft, review, and maintain data privacy policies, technical standards, and procedures aligned with evolving regulations and industry standards.
• Design, deliver, and support privacy training and awareness initiatives to promote a strong privacy culture across the organization.
• Prepare documentation, maintain records, and support internal and external data privacy audits and assessments to demonstrate regulatory alignment.

• Demonstrated expertise in planning, organizing, and developing IT security teams and strategy, whether staff or third parties
• Ability to optimally support and enhance the value of Ferguson’s Enterprise Data Privacy Platform as a core enabler of the privacy program.
• Exposure to data processing environments, hardware platforms, enterprise software applications, and outsourced systems, with a preference for expertise in Microsoft technologies.
• Good understanding of cloud-based architectures and solutions that support a distributed enterprise.
• Solid grasp of computer systems characteristics, integration capabilities, and data flow dependencies.
• Proven leadership presence and the ability to build trust with business customers by clearly articulating the business value of security and privacy initiatives.
• Strong influencing and negotiation skills in environments where resources and teams may not be under direct management authority.
• Excellent analytical and critical thinking skills, with experience in planning and delivering sophisticated technical and compliance initiatives.
• Strong business acumen, including understanding of industry trends and the specific needs of the enterprise and its business units.
• Experience employing both traditional (e.g., ITIL-based IT service management) and modern approaches (e.g., DevSecOps) to enable agility and security.
• Demonstrated ability to contribute to a people strategy that aligns skills and roles with program needs and supports high engagement and performance.
• Excellent verbal and written communication skills, including the ability to clearly explain technical concepts and risks to business leaders, and business requirements to technical and security teams.

At Ferguson, we care for each other. We value our well-being just as much as our hard work. We are committed to a holistic approach towards benefits plans and programs that support the mental, physical and financial well-being of our associates. Our competitive offering not only includes benefits like health, dental, vision, paid time off, life insurance and a 401(k) with a company match, but our associates also enjoy additional meaningful and inclusive enhancements that are adaptable to their diverse situations and needs, including mental health coverage, gender affirming and family building benefits, paid parental leave, associate discounts, community involvement opportunities and more!

-

Pay Range:

-

Actual pay rate may vary depending upon location. The estimated pay range for this position is below. The specific rate will depend on a candidate’s qualifications and prior experience.

-

-

Estimated Ranges displayed are Monthly for Salaried roles OR Hourly for all other roles.

-

This role is Bonus or Incentive Plan eligible.

-

Ferguson complies with all wage regulations. The starting wage may be higher in certain locations based on local or state wage requirements.

-

The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.

Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Equal Employment Opportunity and Reasonable Accommodation Information