Job Ads - Data Privacy

Data Privacy Manager

Focal Point Data Risk is seeking qualified professionals to meet the increasing demands of its national Data Privacy practice. This is an opportunity for qualified data privacy professionals with varying levels of experience – from first-year consultants to senior-level managers – to join one of the most recognized data privacy consulting teams in the country. Our clients represent industries in both the public and private sectors and include government agencies, domestic and global technology companies, global retail chains, financial services firms, and healthcare organizations.

Our Data Privacy practice is responsible for providing a broad range of services within the privacy arena:

Regulatory Compliance Expertise: HIPAA and HITECHCCPAGDPRGLBASOXPCI
Vendor Risk Management (VRM): Vendor ProfilingCustom Risk FrameworksRisk AssessmentsRemediation Services
Privacy Office Support Services: Program Design and Policy DevelopmentData Breach Notification SupportCross-Data Border TransfersData Mapping and Risk Assessments

Responsibilities

Conduct project-based, privacy-related assessments and audits for diverse clientele.
Review Privacy Program policies and practices against leading industry standards.
Provide privacy and data protection trainings and awareness.
Assess potential and actual privacy incidents, coordinating, supporting, and/or leading clients’ Incident Response or Data Breach Management processes.
Prepare reports and other deliverables with strategic, executive- and/or technical-based analysis and findings, communicating these results to project teams and client management.
Demonstrate Subject Matter Expertise on wide-ranging data privacy client engagements.
Interact effectively and efficiently with co-workers and clients at every level, fostering and maintaining quality business relationships.
Perform similar and related duties, as assigned by Practice leadership.

Qualifications

Experience

2+ years (5+ years for management-level) in a consulting role within the data privacy or closely related field, such as cyber security or IT/Financial Audit
Experience performing privacy and/or security gap assessments.
Experience working with:International, Federal, and State Privacy Regulations, IT Security Controls, Operational Risk Tolerance

Skills

Knowledge of international, federal and state rules and regulations, including but not limited to HIPAA, GLBA, GDPR, and CCPA.
Knowledge of industry standards, frameworks, and best practices related to security and privacy, including but not limited to NIST, ISO, COBIT.
Intermediate – Advanced understanding of Microsoft Office Suite

Education & Certifications

Bachelor’s Degree in information systems, computer science, or related field
Certified Information Privacy Professional (CIPP) certification, orCurrently working towards CIPP certification

Travel Requirements

Up to 35%, both regional and international

Focal Point is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. If you’d like to view a copy of the company’s affirmative action plan or policy statement, please email [email protected]. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Chelsea Campbell at 813-402-1208 or [email protected]. This telephone line and email address is reserved solely for job seekers with disabilities requesting accessibility assistance or an accommodation in the job application process. Please do not call about the status of your job application if you do not require accessibility assistance or an accommodation. Messages left for other purposes, such as following up on an application or non-disability related technical issues, will not receive a response.

Privacy Officer

23andMe

23andMe is focused on maintaining a trusted position with regard to genetic information and data stewardship, including health data supplied by customers. We believe that the customer data we hold belongs to them – our customers, and it is our duty to act as a responsible steward of that data. Our goal is that every 23andMe customer trusts us with their data.

With a deep understanding of 23andMe’s business strategies and strategic priorities, you will identify the implications of product, marketing, business development and research initiatives on privacy and data use, technology architecture and standards and data governance, to ensure 23andMe implements sound decision-making and maintains its focus on transparency and mindfulness of privacy and data protection matters.

You will be responsible for ensuring that 23andMe has a comprehensive and effective privacy program, and will conduct privacy education and training at all levels of the company. You will lead on privacy strategies, be an integral cross-functional colleague, work closely with parties on related compliance, policy and governmental affairs matters and lead all privacy programs and policies, in the US and abroad.

Who we are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.

What you’ll do

Serve as Privacy Officer for 23andMe.
Own and provide leadership for the privacy function and staff.
Represent the organization’s privacy and data protection interests with internal and external parties.
Develop, implement, supervise and monitor 23andMe’s privacy and data protection policies and procedures to ensure the privacy and confidentiality of health information are kept up to date and are tailored to our business model.
Assess how current and proposed regulations impact business processes, reporting functions, record keeping, or other activities. Assess needs for introduction of new business processes and for consultations or training.
Conduct critical analysis and articulate how the external environment influences privacy laws, and regulations that impact 23andMe’s businesses.
Drive complex projects and lead cross-functional teams in setting and handling achievements and deliverables to achieve stated outcomes.
Guarantee 23andMe privacy policies and practices are included in development of product offerings and business processes including, marketing, market research, customer support, and other operational mechanisms and performance measures.
Develop strategies, tools, resources and frameworks enabling data use innovation and improvement throughout the company while ensuring operational privacy compliance.
Apply innovation and process improvement skills to implement effective and efficient solutions.
Collaborate with IT and Security to conduct risk assessments/audits and monitoring to find opportunities, issues and risks and develop appropriate mitigation plans in support of 23andMe Risk Management and Internal Audit deliverables.
Lead data incident response and resolution teams; work cross-functionally to assess privacy events or potential data breaches and decide on appropriate responses.

Who you are

JD with excellent academic credentials.
Member of the California bar.
+8 years of privacy experience in a law firm, in-house or other legal environment with a track record of providing practical business-friendly advice and management of other attorneys and staff.
CIPP certification required.
Skilled knowledge of data protection and information security laws, rules and regulations in the US and globally, including EU GDPR, as well as industry leading-practices and standards, US federal and state privacy laws and regulations including the Genetic Information Nondiscrimination Act (GINA), Fair Credit Reporting Act (FCRA), Health Information Portability and Accountability Act (HIPAA), California Online Privacy Protection Act, Children’s Online Privacy Protection Act (COPPA), and rules and regulations related to mobile applications.
Knowledge of online and offline advertising and marketing rules and regulations, such as state consumer protection statutes, CAN-SPAM, Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rules (TSR), and FTC marketing guidelines pertaining to areas such as deceptive advertising and endorsements/testimonials.
Knowledge of and experience with data security, data breach, and data loss prevention tools and statutes.
Background and skill in responding to press inquiries and public speaking as an authority on wide range of global privacy matters.
Shown analytical skills as well as the ability to take disparate information and make strategic recommendations quickly.
Experience with FDA regulatory issues related to privacy, including government requirements for compliance programs preferred.
A leader with evidence of growing management responsibility throughout career history.
Ability to develop and deliver presentations to senior management and influence others.
Impeccable attention to detail and ability to get things done.
Strong organizational, coordination, multi-tasking, and process improvement capabilities to work with functional groups across the organization including Business Development, Marketing, and Research.

About Us

23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at www.23andMe.com ( https://www.23andme.com/ ).

Data Privacy Associate

Federal Reserve Bank of New York

The Office of Employee Benefits (OEB) is a critical part of the Federal Reserve System, with responsibility for the strategy, design, vendor management and administration of the Federal Reserve’s benefits plans serving employees and retirees nationwide.

We are seeking a Data Privacy associate to support the OEB’s implementation and operation of the Data Privacy Program. This includes managing a local Personally Identifiable Information (PII) inventory, engaging in risk assessments and monitoring for program compliance; providing staff training; engaging and advising business areas regarding data privacy practices; drafting and reviewing applicable procedures, reviewing vendor privacy programs and contracts supporting the OEB Data Privacy Officer and OEB Counsel with local data privacy incident response; and collaborating with other areas of the OEB.

This position is conveniently located at 1 Riverfront Plaza, Newark, New Jersey directly across from public transportation and with access to parking.

Your role as Data Privacy Associate:

Work autonomously and independently manage a portfolio of reviews;
Collaborate with internal OEB business areas, technology partners and external stakeholders;
Conduct research on legal and compliance issues related to data privacy and industry best practices, and advise OEB business areas regarding implementation;
Conduct review of policies/procedures associated with the Data Privacy Program;
Conduct due diligence review of vendors and prepare documentation summarizing findings and recommendations;
Support senior leaders in the Office of Employee Benefits as a key resource for data privacy issues and incident response;
Serve as a data privacy resource, conduct briefings and create materials and training for data privacy;
Conduct data privacy training;
Conduct privacy consultations with business areas regarding use of PII, including risk mitigation;
Conduct and maintain an inventory of OEB PII;
Responsible for OEB’s compliance with data privacy record retention requirements.

What we are looking for:

Bachelor’s degree and approximately 5-7 years of work experience in a compliance, risk management, privacy or regulatory related function; exposure to data privacy related activities highly desired;
Experience collaborating and consulting across business lines and with external stakeholders;
Background using critical thinking skills and adding value through thoughtful analysis
Experience utilizing data privacy principles to protect information is preferred;
Demonstrated program and project management skills, including the ability to meet tight deadlines and manage multiple projects simultaneously, and influence outcomes ;
Proven ability to work autonomously and identify opportunities for enhanced risk mitigation;
Knowledge of information security frameworks and controls is desired, as the position will work closely with the information security team;
Strong research, writing and presentation skills including the ability to prepare clear and concise reports.

Chief Privacy Officer

Regeneron

Known for its scientific and operational excellence, Regeneron is a leading science-based biopharmaceutical company that discovers, invents, develops, manufactures, and commercializes medicines for the treatment of serious medical conditions. Regeneron commercializes medicines for eye diseases, high LDL-cholesterol, atopic dermatitis and a rare inflammatory condition and has product candidates in development in other areas of high unmet medical need, including rheumatoid arthritis, asthma, pain, cancer and infectious diseases.

Summary:

The Chief Privacy Officer (“CPO”) will ensure full compliance with all applicable privacy laws and regulations globally. The CPO will lead the Company’s Privacy Office and oversee all ongoing activities related to the development, implementation and maintenance of the Company’s privacy program and policies in accordance with applicable laws. In particular, the CPO will provide strategic direction to the Company regarding existing and emerging privacy and data protection laws.

Responsibilities:

Build and enhance a strategic and comprehensive privacy program, including appropriate policies and procedures, to enable consistent, effective data privacy practices, to minimize privacy risk and to ensure the confidentiality of personal data. Ensure privacy forms, policies, standards, and procedures are up-to-date and compliant with laws applicable to the organization.

Working closely with the Chief Information Security Officer (CISO) and Chief Compliance Officer (CCO) and other individuals with privacy and data handling responsibilities in the organization to set strategy, and develop global and regional approaches to complex privacy matters involving systems, data handling and data processing activities.

Work with senior management and the CCO to establish governance for the privacy program.

Collaborate with the Information Technology (IT) department to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.

Establish, with the IT department, systems to track, investigate and report inappropriate or unauthorized access, loss or disclosure of personal data.

Collaborate with the Company’s business development/transactions and contracting teams to address data privacy issues with third parties.

Maintain and periodically update the Company’s data processing documentation including privacy risk assessments/analysis, mitigation and remediation.

Cooperate and collaborate with the Company’s compliance monitoring team in connection with periodic compliance and operational assessment of the Company’s privacy program.

Oversee and develop ongoing privacy training and communications to ensure that the Company’s employees understand how to comply with applicable privacy laws.

Where necessary or appropriate, represent the Company before data protection authorities and other relevant regulators and agencies.

Manage all required breach determination and notification processes under laws applicable to the organization.

Serve as the Company’s data privacy resource and expert regarding sharing of personal information and for all privacy related issues/activities.

In collaboration with the Compliance Department’s investigations team, establish and administer a process for investigating and acting on privacy and security complaints and potential violations of the Company’s privacy policies.

Initiate, facilitate and promote activities to foster data privacy awareness within the organization and related entities.

Must be knowledgeable of applicable global data privacy and security laws including federal, state and international privacy laws such as the GDPR.

Monitor advancements in information privacy technologies to ensure organizational adaptation of beneficial emerging technologies.

Work with the Legal and Compliance Departments, government affairs, and other related internal functions to represent the Company’s interests with regulators regarding data privacy legislation, regulations, or standards.

Manage and Chair the Company’s Privacy Steering Committee and report on a periodic basis regarding the status of the Company’s privacy program and privacy risks to senior management.

Requirements:

Law degree and/or Masters degree in regulatory/healthcare compliance preferred

At least 12+ years’ experience in the legal / privacy profession, including time in or advising pharmaceutical companies on healthcare privacy related activities

In-depth knowledge of global privacy laws related to the pharmaceutical industry and genetics

In-depth knowledge of legal, regulatory, compliance and business environment for the pharmaceutical industry

Experience with building and implementing a global privacy program

Experience dealing with European entities and data protection authorities

Demonstrated ability to work collaboratively within an organization and with all levels of the workforce

Excellent oral and written communication skills

Data Privacy Compliance Manager

Booz Allen Hamilton

Key Role:
Support and enable our existing data privacy and protection compliance program within legal and ethics and compliance. Serve as a key member of a team that drives ethical behavior, shapes our culture of ethics and integrity, designs and implements compliance programs, enforces compliance initiatives, and builds awareness for employees around ethics and compliance. Manage the day-to-day operations of the data privacy program, including incident response and drafting privacy impact assessments and data subject access requests. Participate in the design, development, and implementation of data privacy program enhancements and process improvements necessary to achieve the program’s objectives. Coordinate and work with the program management office to support project planning activities, including drafting and maintaining robust project plans, documenting decisions and dependencies, and spotting and remediating potential gaps or weaknesses in program controls. Work with the data privacy counsel to maintain standards and controls to comply with state, national, and international data privacy regulations and laws.

Basic Qualifications:

8+ years of experience in a professional work environment
5+ years of experience with working in a data privacy program
Experience with drafting privacy impact assessments
Knowledge of incident response processes, procedures, and requirements
Ability to comprehend and work with new and emerging technologies
Ability to collaborate effectively with diverse stakeholders, including business-focused teams, legal and compliance teams, and finance and accounting teams
Ability to work with the data privacy counsel in communicating regulatory guidance
BA or BS degree required

Additional Qualifications:

Experience with using Microsoft Office, including PowerPoint and Excel
Ability to implement processes and procedures with precision and attention to details
Ability to track, organize, and coordinate projects independently to achieve results
Ability to be a team player who fosters professionalism, integrity, and confidentiality in all actions and help the team on a wide variety of tasks, as needed
Ability to be flexible, when required, achieve against tight deadlines, and organize and prioritize work
Possession of excellent analytical skills, including attention to detail
Possession of excellent interpersonal skills, including developing collegial relationships with colleagues at all levels
Possession of excellent oral and written communication skills

People Data Privacy Lead

Facebook

Facebook’s mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we’re building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we’re creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we’re just getting started.

Facebook’s People Compliance team is looking for a People Data Privacy Lead to help drive the evolution of our people data privacy related processes and operations. This role will report into the Head of People Data Privacy and work closely with cross-functional partners and global stakeholders to manage daily program operations, triage and respond to People Data Privacy related data requests and drive process improvements. A successful candidate will have substantive experience working on and driving solutions around data retention, HR data privacy and/or compliance related issues, with strong analytical and operational background as well as interpersonal and project-management skills.

RESPONSIBILITIES

Assess, process and facilitate Facebook’s cross-functional processes for internal and external people data access requests

Collaborate with cross-functional internal and external points of contact, including global legal partners, to ensure regulatory compliance and mitigate risk

Effectively communicate needs and insights to different levels of cross-functional audiences

Incorporate feedback and interpret results in a fast-paced ambiguous environment, adapting quickly

Help define and enforce best practices and alignment with privacy framework and operations

Support response to people data requests related to data privacy with minimal guidance or oversight

Meet multi-tiered internal SLAs associated with critical due dates

Document, track and report relevant program metrics and milestones

Contribute to continuously improving processes and procedures around data privacy relevant aspects across People teams

Partner closely with a variety of internal stakeholders to design, development, and deploy a data management and archiving process

Proactively identify opportunities to enhance policies relating to the retention and archiving of different types of data and implementation of automated solutions for managing the life cycle of generated data

Maintain strict confidentiality and privacy

MINIMUM QUALIFICATIONS

6+ years experience in Human Resources or Legal Compliance and/or Operations

Experience developing command of regulations and compliance related concepts

Experience communicating issues to cross-functional partners at all levels

Problem solving and conceptual thinking experience

Demonstrated experience issue spotting and assessing information for risk mitigation

Experience working independently and as part of a team, across different regions and time zones

Experience in roles that demand accuracy and quality, prioritization and execution against deadlines

Knowledge of MS Office

Experience with organizing, coordinating, multi-tasking, and process-improvement

PREFERRED QUALIFICATIONS

In-depth knowledge of data privacy (including GDPR) and risk/compliance management concepts in a global context

Experience working in a global, large-scale, complex, and fast-paced environment

Experience with privacy law, policy, or other related field

Experience working within case management systems with strict SLAs

Knowledge of global data retention implementation strategies