Responsibilities:

📍Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII) 📍Responsible for the implementation of the company's domestic and international business and consumer privacy protection program 📍Interpret and apply data privacy regulations, policies, standards, or procedures to specific issues 📍Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program 📍Manage and ensure the enterprise data inventory is kept up-to-date 📍Develop privacy training materials and other communications to increase employee understanding and awareness of company privacy policies, data handling practices and procedures and legal obligations 📍Work with the general counsel and business teams to ensure both existing and new services comply with privacy and data security obligations 📍Work with legal counsel, management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements 📍Maintain current knowledge of applicable federal, state, and international privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance 📍Work with business teams and senior management to ensure awareness of “best practices” on privacy and data security issues 📍Collaborate with the cybersecurity and IT teams to ensure privacy requirements are translated into technical requirements and solutions are implemented correctly 📍Interface with Senior Management to develop strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with privacy regulations 📍Identify and manage privacy incidents and breaches in conjunction with the Chief Information Security Officer, legal counsel and the business units. 📍Other assigned duties.

Qualifications:

📍5+ years’ experience in a privacy / data loss prevention and protection related field 📍The ability to create a data privacy program and eventually lead a team of privacy professionals 📍Bachelor degree or above in information security, computer, or related majors 📍The ability and experience with working across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives 📍The ability to develop, update, and/or maintain standard operating procedures (SOPs) 📍The ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action 📍Expertise in domestic and international laws and regulations, such as cybersecurity law, GDPR, HIPPA, etc. 📍The ability to partner with lawyers and outside law firms to stay abreast of changing privacy related laws and regulations 📍Experience with cloud environments (e.g., AWS, Azure, O365) and technical implementation of data security and privacy requirements 📍Self-driven with good teamwork, communication skills 📍Privacy certification preferred (e.g., CDPSE, CIPP-E, CIPP-US, CIPM, CISSP)