The Chief Privacy Officer owns privacy strategy within the company and is responsible for development and operation of a program for ensuring the company’s compliance with applicable data privacy laws and regulations globally. The Chief Privacy Officer reports to the Chief Information Security Officer.
Essential Duties And Responsibilities
- Work with the law department, corporate service and IT groups, and business functions to ensure both existing and new services and processes comply with privacy obligations.
- Work with internal law department and outside privacy counsel to manage notifications, registrations, and communications with the relevant data protection authority related to data processing activities and requirements for the company.
- Organize and run the internal privacy committee function which reports data privacy status and compliance directly to company senior management.
- Keep notifications and registrations current and maintain separate notifications in respect of all data processing entities within the company.
- Manage privacy-related hotline and requests, review international transfers of personal data (with focus on sensitive data).
- Participate and contribute to company cyber incident management process.
- Oversee and guide privacy-focused record management processes including support and search capabilities; ensure mandatory documentation is maintained.
- Raise privacy awareness, develop and guide education and training efforts tailored to needs of the business.
- Lead implementation of policies and processes to ensure appropriate privacy management of data processing, outsourced processing, and resolution of related compliance issues.
- Manages Privacy compliance audits and manages completion of Data Privacy Impact Assessments (DPIAs).
- Exhibit a broad knowledge of security compliance and auditing frameworks and apply those to formulate policies, procedures and standards.
- Raise privacy awareness.
- Ensure mandatory documentation is maintained.
- Monitor documentation, notification and communication of data incidents and breaches.
- Coordinate efforts between company stakeholders and data privacy authorities.
- Work with company legal teams to communicate with works councils and employees representatives for privacy related matters.
- Other duties as assigned.
- Expert knowledge of privacy laws and practices in scope for the company, including:
- technical and organizational measures and procedures
- mastery of technical requirements for privacy by design and data security
- the ability to carry out inspections, consultation, and documentation
- The ability to articulate privacy across all levels of the organization.
- Analytical judgment and decision making skills.
- Solid understanding of compliance frameworks and security standards (e.g., COSO, COBIT, ISO 27001:2013, COBIT, and NIST).
- Solid understanding of enabling technologies and enterprise applications.
- Excellent written and verbal communications skills.
- Ability to adjust to changing priorities and high stress environments while multitasking effectively.
- Ability to design, evaluate and document processes and direct teams in accomplishing process review and improvement.
- Experience managing direct reports and indirect reports preferred.
- Experience developing and managing capital and operating budgets preferred.
- Bachelor’s degree in related field.
- Minimum 5 years’ experience in a privacy management or related function for a global company with 3 at a senior level.
- Preference is given to candidates with a relevant professional certification e.g. CIPP/E, FIP, CIPM.
- Industry recognition and participation.
We are an equal opportunity employer. Employment selection and related decisions are made without regard to gender, race, age, disability, religion, national origin, color, gender identity, sexual orientation, veteran status or any other protected class.
Click here to apply.