Job description / Role
Design and Develop
• Understand the organization and environment and then Designs and Develops the overall Data Privacy and Protection Regulatory Framework.
• Establishes, advises, and coordinates Client’s Data Privacy & Protection compliance framework.
• Designs, implements, and maintains an adequate integrated incident response and data breach notification procedure as required in line with Client’s policies, standards, and procedures.
• Develops, coordinates and provides guidance, assessments, training, and monitoring of the compliance and Data Privacy/Protection control environments within the business units.
• Develops and implements Data Classification Standards in line with internal policies and global frameworks by working with and managing senior stakeholders.
• Work with the business, including product and technology teams, to design innovative privacy solutions as part of pragmatic advice and conducting Privacy Impact Assessments.
• Develop and lead training and awareness sessions with the business to promote a culture of privacy and advise business and sector leads to understand how privacy requirements affect their area.
• Develops and implements the integrated Trusted Authenticated Identities and Privacy framework by working with other stakeholders.
• Identifies roles for citizens, processes, and technologies required for trusted identification, authentication, and authorization within the Trusted Identity Ecosystem.
• Develops a Trust Framework that defines the rights and responsibilities of Client’s staff in the Identity Ecosystem.
Implement, Operate and Manage
• Supports the Compliance, Legal, Data Governance, Physical Security and Cyber Security Teams, respectively, in strengthening Client’s compliance and data privacy and protection efforts.
• Monitors and communicates relevant developments globally and more specifically in the region relating to Data Privacy and Protection.
• Leads the design, creation, coordination, and implementation of policies, procedures, and training addressing Data Privacy and Data Protection issues in Client’s while serving on and supported by the Cyber Security team.
• Provides guidance and negotiates data provisions contained in advertising, marketing, and commercial agreements, including data rights agreements, data protection agreements, and data provisions.
• Assists compliance and legal team members on advising senior leadership on data policy issues and in connection with compliance matters for data and privacy laws and regulations, including GDPR, the California Consumer Privacy Act, and other data protection, data retention, data security, and data breach regulations.
• Develops and performs project-based, privacy-related impact assessments and audits cross-functionally on an adhoc basis and periodically to ensure high compliance to global Data Privacy and Protection requirements within Client.
• Review and analyze new products and services, including online and mobile applications, for compliance with applicable privacy laws.
• Create dashboard views to critical Data Privacy and Protection risk metrics to drive alerts, progress and continuous improvement.
• Works with internal Departments and stakeholders to ensure that Client’s internal staff, its Customers and third parties are all covered within the Data Privacy and Protection standards.
• Works with other entities to understand their solutions and key projects to evaluate and monitor data privacy and protection compliance, paying attention to details, while understanding the big picture
• Manages other duties as assigned related to Data Privacy and Protection by Identifying and executing against key milestones in a fast-paced, team-oriented environment.
• Collaborate with relevant business stakeholders on continuous improvement initiatives designed to improve the performance and maturity of Client’s privacy program
• Foster partnerships with the business as a Data Privacy and Protection trusted advisor and subject matter expert
• Maintain knowledge of applicable privacy laws, regulations, standards, and advancements in technologies
• Manage and take ownership of privacy incidents to completion.
• Support and conduct Issue Response Management and complaint handling for privacy issues, deviations and non-compliance within area of responsibility.
• Acts as point of contact with data subjects, supervisory authorities and internal teams
• Identifies and evaluates Client’s data processing activities
• Provides advice and conducts Data Protection Impact Assessments (DPIAs) and Data Inventorization
• Monitors data management procedures and compliance within Client’s
• Participates in meetings with managers to ensure privacy by design at all levels
• Maintains records of processing operations
• Ensures Client’s addresses all queries from data subjects within legal timeframes (e.g. delete their information from databases)
• Liaises with other organizations that process data on Client’s behalf
• Writes and updates detailed guides on data protection policies
• Performs privacy audits and determines whether we need to alter Client’s procedures to comply with regulations
• Offers consultation on how to deal with privacy breaches
• Follow up with changes in law and issue recommendations to ensure compliance
• Provide oversights and SME input to the design, build and implementation of technology tools that support the Information Classification and Protection strategy, objectives and operational requirements.
• Develops Data Classification Standards for Client’s
• Develop DLP incident management and escalation workflows
• Develop employee communication strategies and security awareness training
• Conduct Data Classification DLP tool training with staff and others
• Develop DLP policy
• Document DLP processes and procedures
• Strategize incident retention
• Develop methods for risk reduction (reports and dashboards)
• Monitor and tune program process
• Owns and manages Data Classification and DLP tool configuration, ensuring appropriate governance and change control arrangements are operating across the business.
• Knowledge and experience of establishing and running monthly information protection technology boards, acts at chairperson.
• A minimum of a Bachelor’s degree and a strong interest in IT applications and operations.
• Minimum of 10-15 years professional experience in IT and at least 5 years of consulting experience in a big 4 or equivalent consulting firm.
• Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
• Minimum of 10 years of experience in a combination of risk management, information security, security operations, and Product Engineering roles.
• At least 4 years in a senior leadership role in security.
• Relevant experience managing security for companies that leverage cloud technologies such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure and / or offer platform as a service (PaaS) with security commitments to customers and partners.
• Relevant experience working in the healthcare/life sciences industry with a deep understanding of regulatory frameworks such as ISO, GDPR, FDA, CE, HIPAA, HITRUST, etc. is highly desired.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners and stakeholders.
• Must be a critical thinker, with strong problem-solving skills.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• The incumbent must have an in-depth understanding of IT agile software development frameworks, strong knowledge of IT best practices and protocols, operational risk management, and in-depth knowledge and expertise of the Client’s operations, including IT practices. Specific expertise should include:
• IT Management practices and protocols, including in-depth knowledge of international IT standards.
• Solid knowledge of IT application design, development, support and Operations Audit methodology
• A practical and proactive problem-solver who possesses strong business acumen and is confident, mature, and calm.
• Excellent time management skills with the ability to prioritize and multitask and work under shifting deadlines in a fast-paced environment.
• Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams.
• Excellent written and verbal communication skills.
• Bachelors or Masters degree in IT, computer science, Software engineering, Data Privacy
• Experience with Internet of Things, Cloud data services (Azure, Google IoT)
• Industry certification in one or more of the following: C++, Java, SQL, Python, MCSE, CCNP, CCSA, CISA, CA, CCSP, ISC, ITIL, etc.
About the Company
Parisima specialises in building high performing workforces that improve business performance. Our experience has demonstrated that the most effective organisations view their employees as their most important asset and view Talent Management as a holistic end-to-end complementary process.
Whether it’s a partial or fully outsourced recruitment solution or a focus on a particular area of your talent acquisition cycle, our solutions are tailored to address your specific challenges. We are experts in optimising talent acquisition and resourcing functions to build high performing organisations with high performing individuals.
Through key strategic partnerships, Parisima is the only organisation in the Middle East that specialises in addressing the full employee lifecycle. This includes Hiring (talent acquisition, applicant-tracking systems, assessments for recruitment and development) and Retention (employee engagement surveys, employee recognition and reward programs and executive leadership programs).