Privacy Program Manager
The Privacy Program Manager’s primary role will be to build out the companies privacy compliance and controls framework, drive continuous improvement and strengthen controls. Furthermore, you will interface with departments including information security, marketing, and operations to position the company to meet regulatory requirements and to ensure it continues to support the dynamic data protection environment.
Additionally, while the Company’s accounting and finance department is currently working remote, the expectation is that this position will be primarily office-based once employees are able to return to the office.
Essential Duties & Responsibilities
· Design the program for any new or existing privacy regulations, including understanding the regulation, identifying key requirements which require improvement or change in current practices and operationalizing our response to meet those requirements.
· Lead, coordinate and manage internal and external assessments of privacy program and processes to meet global requirements.
· Manage internal privacy processes under applicable regulatory regimes (such as access and deletion requests, maintaining records of data processing activities, and conducting privacy impact assessments).
· Collaborate with various teams to prioritize projects and solutions to reduce privacy risk and improve compliance.
· Ensure progress on priority work-streams, help build decision-making frameworks and deliverables.
· Prepare communication materials and progress tracking for multiple audiences including leadership, legal, operations and security teams.
· Build and maintain an inventory of all global privacy regulations and a map of our compliance and product positions vis-a-vis those regulations.
· Build a long-term view on global privacy regulations and distill them into an actionable privacy framework for the company.
· Educate and train teams about privacy and data protection.
· Lead a system for embedding privacy by design into companies culture and ensuring adherence to its policies for responsible use of data.
· Establish and manage measures for mitigating risks related to collection and use of data while preserving ability to innovate and serve its customers.
· Work with senior management to enhance and maintain privacy training, compliance programs, vendor management on privacy issues, and audits.
· Work with the legal team to stay current in legal risks and requirements across all countries where we operate, and implement changes required for compliance and harmonization of practices.
· Work with the legal team to respond to inquiries from regulators, enforcement agencies, and data protection authorities.
· Monitor the effectiveness of privacy-related risk mitigation and compliance measures.
· Validate and update controls to protect data from unauthorized access and use while ensuring easy access for proper uses.
· Communicate privacy principles both internally and externally and in a consumer-centric way.
· Assess privacy-related risks arising from existing products and services.
This position is ideally suited for an individual who is detail oriented and driven by growth and change. This individual should have excellent time management skills and strong relationship management capabilities. Other qualifications include:
· Bachelor’s degree
· Law degree, a plus
· CIPP, CIPM, CIPT, CISSP, or other related certification
· 5+ years relevant experience in data privacy compliance
· Subject matter experience with privacy and data protection measures, including regulations such as GDPR and CCPA.
· Knowledge of compliance methods, standards, processes, governance models, and industry standard compliance frameworks.
· Ability to work as part of a team, as well as an individual contributor
· Independent, proactive, and “roll up your sleeves” attitude
· Ability to work in a global environment across multiple locations
· Demonstrated experience in developing and managing a privacy compliance program that balances risk and the needs of the business.
· Excellent interpersonal, verbal, and written communication skills with the ability to communicate privacy concepts to a broad range of technical and non-technical staff.
· Demonstrated success working with internal audit, external auditors, outside consultants, and legal outside counsel.
· Equally comfortable working with other members of the team, as well as independently.
· Strong technical foundation to be able to develop Viking’s privacy program best practices based on compliance requirements systems and processes.
· Ability to manage multiple projects