Privacy Officer

Overview

This position is part of the Chief Information Security Officer Group (CISO Group) with worldwide responsibility for cybersecurity for IT, business systems, the network with extends to affiliates and security of products and services. The Privacy Officer oversee data privacy and protection policies to ensure that the entire organization processes the personal data of their customers, employees, and partners, in accordance with company policies and regulatory compliance requirements. The introduction of the General Data Protection Regulation (GDPR) brought international visibility to the importance of the Data Privacy Officer position, as this enterprise leadership role is required for GDPR compliance in certain businesses and is evolving with State-based regulations in the US.

Responsibilities

Key Accountabilities

• Expand and implement the Werfen privacy program in North America (NoA) and Latin America (LATAM). Proactively serve as a privacy subject matter expert, promoting best practices and developing internal privacy policies and procedures that are consistent with the corporate privacy program.
• Evaluate new US, Canada, Mexico, Central and South America privacy laws and other regulatory changes. Monitor, analyze and communicate updates to relevant stakeholders and make recommendations as necessary to ensure ongoing compliance.
• Support to day-to-day business operations to ensure compliance with applicable US privacy laws, including HIPAA.
• Maintain a robust inventory of data processing activities and map personal data flows to identify privacy risks.
• Collaborate with global teams to monitor and ensure end-to-end compliance with applicable privacy and security laws.
• Collaborate cross-functionally with the relevant partners to support and ensure the integration of privacy by design into delivered services and the product development lifecycle. Address privacy compliance gaps.
• Assist teams to develop and implement processes and technical controls to uphold the privacy strategy.
• Regular execution of data protection impact assessments (DPIAs) and privacy assessments for marketed products and services delivered to evaluate the impact on data privacy and propose necessary mitigation measures.
• Provide regular privacy training and awareness to stakeholders. Contribute toraise a privacy compliance culture.
• Conduct 3rd party/vendor risk assessments. Work with Legal to ensure that contracts include all necessary clauses to meet legal requirements.
• Respond to individual rights requests and regulatory inquiries.
• Present complex technical or legal concepts to non-technical partners in order to promote the value proposition of integrating security.
• Manage privacy incident response process, including notifications to affected individuals and authorities, and work with affected departments on the remediation plans.

Networking/Key relationships Able to identify and resolve common legal issues and build strong relationships with other global business stakeholders, including IT, HR, Marketing, Product Privacy & Security, and other departments.

Qualifications

Minimum Knowledge & Experience required for the position:

• Bachelor's degree in Computer Science, Cybersecurity, Law or related field is preferred. Industry experience may compensate for a degree.
• Minimum of 5 years in the field of privacy, including in-depth understanding of the GDPR and other relevant laws such as HIPAA, CCPA and CPRA, with a background in information security principles and practices, information risk analysis and risk management in an international company or comparable activity in a consulting company.
• 2 years implementing and managing a corporate privacy program.
• HIPAA and GDPR experience. Cybersecurity controls experience is a plus.
• CIPP/CIPM/CIPT certification a plus.
• Knowledge of medical devices a plus.

Skills & Capabilities:

• Teamwork and collaboration
• Thinking and problem-solving skills
• Curiosity and analytical skills
• Ability to work independently managing assigned projects, exercise leadership and influence change.
• Adaptable to change
• lntegrity and trust
• Time management
• Fluent English in verbal and written communication, Spanish and additional language skills are a benefit.

Travel requirements:

• 15% of time