What are the responsibilities and job description for the Data Governance Lead position at Tech Intellectuals?
Role: Governance, Risk & Compliance lead
Role Type: Full-Time (No 3rd Party or Contractors)
Compensation: Up to $231K DOE Bonus
Location: San Francisco, CA
Years of experience: 10
Key Competencies: Develop Data Privacy and Ethics, Regulatory Compliance, Risk Management, PIAs, DPIAs, Vendor Management, Incident Management, data privacy laws and regulations (GDPR, CCPA, HIPAA), ethical AI
Overview:
Responsibilities:
1. Develop Data Privacy and Ethics Strategies:
- Lead the development, implementation, and enforcement of data privacy and ethics compliance strategies across the organization.
- Align the company's operations with global data protection regulations (e.g., GDPR, CCPA, HIPAA, etc.) and ethical standards.
- Design and update policies to reflect changes in data protection laws, ethical best practices, and emerging risks in the industry.
2. Regulatory Compliance:
- Ensure that the organization’s data handling, storage, processing, and sharing practices comply with relevant local and international data protection laws and regulations.
- Monitor and analyze changes in data privacy regulations and assist in adapting the organization’s practices to remain compliant.
- Oversee the company’s compliance with privacy rights, including handling data subject requests (e.g., access, correction, deletion requests).
- Conduct regular audits and assessments to identify potential compliance gaps and implement corrective actions.
3. Risk Management and Mitigation:
- Identify and assess data privacy risks across all business units, including internal and third-party data processing practices.
- Develop and implement risk mitigation strategies for handling sensitive information and personal data.
- Collaborate with the security team to ensure data protection measures are in place and effective.
4. Privacy Impact Assessments (PIAs) & Data Protection Impact Assessments (DPIAs):
- Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to evaluate the potential impact of new projects, systems, or processes on data privacy.
- Provide recommendations on how to minimize risks to personal data during the development of new products or services.
5. Internal Training and Awareness:
- Develop and deliver training programs to raise awareness of data privacy policies, ethics standards, and compliance requirements across the organization.
- Provide guidance to employees on the ethical handling of data, promoting a culture of compliance and responsibility.
- Foster awareness of the organization’s ethical standards, ensuring employees understand the importance of data privacy in day-to-day operations.
6. Policy and Documentation:
- Create, maintain, and update data privacy and ethics policies, ensuring they meet legal requirements and are easily accessible to relevant stakeholders.
- Ensure clear documentation of data processing activities, including data collection, sharing, storage, and retention practices.
- Regularly review and revise policies to ensure they reflect best practices and align with current regulations.
7. Third-Party and Vendor Management:
- Ensure that third-party vendors, partners, and service providers adhere to the organization’s data privacy and ethical standards.
- Conduct regular audits of third-party contracts, ensuring data privacy clauses are present and being followed.
- Negotiate and implement data protection agreements with third-party vendors and ensure that adequate safeguards are in place when transferring data.
8. Incident Management and Breach Reporting:
- Respond to data privacy incidents, breaches, or violations by leading investigations, reporting findings, and implementing corrective actions.
- Ensure compliance with breach notification requirements, including timely reporting to regulators and affected individuals when necessary.
- Work with legal and security teams to develop and implement incident response plans specific to data privacy breaches.
9. Stakeholder Communication:
- Act as the main point of contact for all data privacy-related issues within the organization, including communication with executives, employees, regulators, and external stakeholders.
- Prepare and present regular reports on compliance status, data privacy incidents, and strategic initiatives to senior leadership.
10. Ethical Business Practices:
- Advocate for and ensure that ethical considerations are integrated into business practices, particularly in regard to data usage, privacy, and security.
- Review the organization’s operations and initiatives to ensure they align with corporate social responsibility (CSR) goals and ethical standards.
- Ensure the organization’s use of data aligns with its stated values and commitment to protecting individuals' privacy rights.
11. Stay Informed and Up-to-Date:
- Keep up to date with evolving data privacy laws, regulations, and ethical standards to ensure ongoing compliance.
- Participate in industry groups, attend conferences, and maintain professional certifications to stay ahead of trends and challenges in data privacy and ethics.
Qualifications:
- Minimum of 10 years of total experience.
- Bachelor’s or Master’s degree in Law, Information Security, Business Administration, or a related field.
- Certification in data privacy (e.g., CIPP, CIPM, or equivalent) or legal qualifications related to compliance (e.g., JD, LLM).
2. Technical Skills:
- In-depth knowledge of data privacy laws and regulations, including GDPR, CCPA, HIPAA, and other global data protection regulations.
- Experience with privacy and compliance tools, risk management platforms, and privacy impact assessments.
- Familiarity with security technologies and practices used in data protection (encryption, access controls, etc.).
- Understanding of ethical frameworks in business operations, including corporate social responsibility (CSR) and sustainability goals.
- Strong understanding of corporate ethics standards, data ethics, and the importance of responsible data handling.
- Knowledge of ethical AI and the implications of data usage in machine learning and AI models.
3. Soft Skills:
- Excellent communication skills, both written and verbal, to clearly explain complex privacy concepts to both technical and non-technical stakeholders.
- Strong analytical and problem-solving skills to evaluate risks and create practical solutions.
- Ability to manage sensitive and confidential information while maintaining the highest ethical standards.
- Strong organizational and project management skills, with the ability to manage multiple compliance initiatives and tasks simultaneously.
- Leadership and the ability to influence others to adopt a data privacy culture.
4. Experience:
- 10 years of experience in data privacy, compliance, legal, or ethics roles, ideally within a technology, finance, healthcare, or large enterprise environment.
- Experience with data protection frameworks, audits, and certifications (e.g., ISO 27001, SOC 2).
- Familiarity with data management and security best practices.
- Experience working in a cross-functional environment and interacting with various departments, including IT, legal, security, and operations.
5. Preferred Qualifications:
- Experience with managing data privacy in a multi-jurisdictional, international environment.
- Expertise in handling data privacy in emerging technologies like AI, IoT, and blockchain.
- Certification or membership in professional organizations, such as the International Association of Privacy Professionals (IAPP).
- Knowledge of privacy-enhancing technologies (PETs) and their application in data protection.
6. Work Environment:
- Collaborative and fast-paced work environment.
- Opportunity to work with state-of-the-art technologies.
- Supportive and dynamic team culture.
350885
Job Type: Full-time
Pay: $171,275.00 - $231,725.00 per year
Benefits:
- 401(k)
- Dental insurance
- Health insurance
- Life insurance
- Paid time off
- Vision insurance
Schedule:
- Monday to Friday
Education:
- Bachelor's (Required)
Experience:
- Data governance: 10 years (Required)
- Data Privacy: 4 years (Required)
- Data protection frameworks: 3 years (Required)
Location:
- San Francisco, CA 94102 (Required)
Work Location: In person
Salary: $171,275 - $231,725