Data Privacy & Risk Specialist
The Judge Group is seeking a Data Privacy & Compliance Specialist. The individual in this position will represent the Data Privacy team within the North America businesses, translating policy and privacy standards into requirements within our IT and business environments. This role will be responsible for advising the company on Privacy and Information Risk by Design with respect to all information systems and practices, acting as the technical subject matter expert on all elements related to data privacy protection and risk mitigation. As part of this role, this individual will work with colleagues across IT, Legal, Finance, HR, Digital, Customer Service, and Marketing on building data protection principles into the implementation of new projects and initiatives as well as the development of compliant systems and processes.
- Driving the Data Privacy vision and objectives for North America.
- Partnering with IT and business owners to provide advisory and consulting services around data privacy and associate risk mitigation;
- Assessing current software and systems for compliance with data protection principles and recommending changes and new technologies to help mitigate privacy vulnerabilities and prevent potential future privacy risks;
- Defining and implementing risk-based solutions to ensure Privacy and Information Security by Design is adequately embedded in IT and Business projects and systems across the company, including through the development and training of users to help drive toward compliant design;
- Maturing enterprise-wide information lifecycle management strategy and governance process to identify, classify and protect personal data over its lifecycle;
- Serving as the “go to” person for business stakeholders to help them implement advice from the Privacy Team;
- Helping and getting started with at flight privacy, information security and risk project: Data Retention, Data Classification, Data mapping, alignment of global privacy operation. It’s a small and growing team where you’ll get experience working on a broad range of projects.
- Assisting with IT training and awareness campaigns, particularly with a focus on data protection initiatives, including managing anti-phishing campaign;
- Providing forensics and management from the IT perspective of any suspected personal data incidents, working with the IT Compliance and Security Operations;
- Advising on data anonymization, pseudonimization and encryption techniques to develop systems that preserve and improve privacy protections;
- Overseeing asset inventories to meet regulatory requirements
- Working with business functions to conduct regular privacy assessments of operational processes, identifying, and mitigating risks across the company.
- BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study
- 3-4 years' experience in privacy / data protection or a graduate degree or concentration in privacy engineering
- CIPP/E, CIPP/US, CIPM, CIPT, or other privacy certifications, preferred
- OneTrust Product Certification, Preferred
- CISSP, CISA, CISM or other similar certifications, preferred
- PMP preferred
- OneTrust privacy Platform, preferred
- Proficient in the use of Microsoft Office Suite, including Office 365, OneDrive, SharePoint and Visio
- Knowledge and/or experience with GRC platforms, information governance software, records management software, or similar technologies, preferred
- Knowledge of Microsoft SQL, Oracle and/or other database solutions, preferred
- Executive presence, and ability to act as primary contact on assigned projects
- Capable of working with global corporate teams
- Strong analytical and advanced research skills related to industry trends and technology
- Ability to interact effectively with people at all organizational levels of the Firm and with Vendors
- Capacity to build and maintain strong relationships with internal and external personnel