Data Privacy Principal Information Security Engineer

Job Posting:
Since 1953, Ferguson has been a source of quality supplies for a variety of industries. Together We Build Better infrastructure, better homes and better businesses. We exist to make our customers' complex projects simple, successful, and sustainable. We proactively solve problems, adapt and grow to continuously serve our customers, communities and each other. Ferguson, a Fortune 500 company, is proud to provide best-in-class products, service and capabilities across the following industries: Commercial/Mechanical, Facilities Supply, Fire and Fabrication, HVAC, Industrial, Residential Trade, Residential Building and Remodel, Waterworks and Residential Digital Commerce. Ferguson has approximately 36,000 associates across 1,700 locations. Ferguson is a community of proud associates who operate with the shared purpose of building something meaningful. You will build a career that you are proud of, at a company you can believe in.

The Data Privacy Principal Information Security Engineer is a senior technical role responsible for implementing, operating, and continuously improving Ferguson's enterprise data privacy program, with a solid focus on CCPA/CPRA and other U.S. state privacy laws. This role serves as the technical link between legal/regulatory requirements and practical execution—ensuring privacy-by-design principles are built into enterprise systems, applications, and data flows.

This position supports the planning, design, implementation, and ongoing maintenance of IT Governance, Risk & Compliance (GRC) activities that enable the data privacy program. The engineer will focus primarily on U.S. privacy regulations and will be expected to demonstrate deep knowledge of data protection principles, privacy frameworks, and federal and state-specific regulations, including CCPA and other state privacy laws. Responsibilities include driving compliance, performing risk and readiness assessments, and supporting privacy operations to protect sensitive data and strengthen customer and team member trust.

Qualifications and Requirements:

• 5+ years of experience in IT data security, data governance, or data compliance.
• Significant experience assessing, implementing, and validating controls in regulated data environments (e.g., financial data,