Job Description
Key responsibilities will be to:
- Proactively identify and evaluate the implementation of privacy initiatives through monitoring and testing. The role will undertake data protection and privacy impact assessments for relevant projects and with various functions, and advise on mitigations for identified privacy risks.
- Work with operations and functional teams to ensure data protection and privacy initiatives are understood and implemented
- Proactively analyze existing operations policies, processes, systems, controls and training material to assess areas for improvement in respect of data protection, and make recommendations for change
- Work with legal team to identify regulatory requirements across jurisdictions related to privacy and data protection.
- Work with legal and other teams to translate regulatory requirements to process improvements and initiatives and drive through completion
- Develop and support frameworks for monitoring and reporting ongoing compliance with regulation and standards
- Support internal privacy and compliance audits
- Review privacy impact assessments completed by the businesses
- Manage day-to-day privacy issues, such as data security incident responses, data protection agreement consultation, privacy complaints and resolution, subject access requests, and management of regulatory notifications and international data transfers.
- Research and analysis on developments in privacy law
- Support in assessing and implementing privacy and/or data protection enhancements and automation tools and providers
- Undertake privacy and/or data protection implementation and transformation projects and guide clients on their privacy compliance journey
- Key stakeholder in the development and ongoing management of privacy program across geographies, including the Governance Framework, Policy set, compliance risks, compliance roadmap, training, retention, audit and reporting requirements.
- Remain up to date with the requirements of legislation and conduct necessary gap analysis processes to identify and help build remedial work programs and highlight ongoing program risks.
Qualifications and Experience
Required:
- Work experience: 5 to 7 years.
- Experience in specific industry verticals is preferred and a thorough understanding of privacy and data protection specific compliance requirements within those verticals.
- Understanding and knowledge of industry standards and industry frameworks (e.g., AICPA/GAPP, PCI, OECD, FIPP, APEC Privacy Framework, etc.).
- Understanding of security and privacy laws and regulations both US and Global (e.g., GDPR, MCCs, BCRs, HIPAA, GLBA, PCI, CCPA, CPRA).
- Experience in performing data privacy risk assessments/privacy impact assessments (PIAs).
- Experience in developing data protection and privacy strategies and roadmaps.
- Experience in planning and implementation of data protection and privacy controls.
- Experience in developing data protection and privacy policies, standards, and procedures.
- Experience with privacy enhancement and automation tools such as OneTrust and BigID.
- Experience in creating data privacy notices and consent forms, and third-party/vendor contracts.
- Excellent documentation and communication skills.
Preferred:
- Experience operating and implementing privacy enhancement and automation tools such as OneTrust and BigID
- Professional certifications related to GDPR, privacy (e.g., CIPP) or others such as CISA/ISO27001 LA, etc., are preferable
- CIPP/CISSP
- Functional and nonfunctional privacy requirements definition and documentation experience.