Data Protection and Privacy - Assistant Director (Data RiskManager)

Data Protection and Privacy - Assistant Director (Data RiskManager)

Location : Anywhere in Country

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

Data Protection and Privacy – Assistant Director (Data Risk Manager)

Risk Management supports our people in managing the risks that arise during our daily working lives. We work closely with all parts of the organization to identify, manage and monitor risk, providing coordinated advice and assistance on independence, conflicts, compliance, regulatory, policy, security issues, as well as dealing with claims and any queries regarding ethics.

The opportunity

We are operating in an increasingly connected world that is changing how to manage risk. With fast-paced technology advancements, new innovations within emerging technologies, and an ever-challenging regulatory environment, it is business critical for our organization to not only identify the risks, but also the opportunities these present. As a Data Risk Manager, you will make educated, thoughtful decisions on Risk Management. Our brand depends on it. It’s all part of our long-term commitment to building a better working world and in return, you can expect plenty of opportunities to take on new responsibilities and develop your career.

Your Key Responsibilities

As part of EY Americas Data Protection (Confidentiality, Data Privacy) function, you will assist in the development, implementation, and monitoring of various activities within the Data Protection program. The position involves managing the firm’s confidential and personal information inventory and data subject rights (DSR) request process. The position also involves investigating and addressing data incidents (loss, theft, and inappropriate disclosure or use of confidential / personal information) in accordance with EY’s policies and procedures.

You will serve as the primary point of contact for EY client serving teams and work across functions (Legal, IT, Investigations, Executive Leadership) to coordinate various efforts (e.g., incident response, data inventory management, DSRs). You will help with interpreting data protection and privacy laws and policies, determining required actions to standard and non-standard situations, and making recommendations based on firm guidance, professional standards, and acquired experience. The position involves coordination and reporting of various Data Protection activities to stakeholders and interacts with executive-level personnel.

Skills And Attributes For Success

Leads Data Risk Management activities within the Data Protection program, including but not limited to :

Maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA))

Responding to data subject rights (DSR) and internal data access requests in accordance with applicable data protection legal and regulatory requirements and EY policies

Documenting, conducting, and assisting others with investigations of data incidents; collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans

Collaborating with EY Information Security functions to design and implement controls (e.g., data loss prevention, insider threat detection) to protect confidential and personal information

Developing, driving, and executing strategy to continuously build out the Data Risk Management function to align with industry leading practices and data protection regulatory requirements

Assists other functions of the Data Protection program, including but not limited to : tracking and analyzing new and / or revised applicable data protection laws, regulations, and standards (e.g., CPRA, CCPA, HIPAA)

Developing and maintaining EY U.S. data protection policies, guidance, training, and awareness communication plan to reflect new and / or changes to data protection laws

Interacts with various stakeholders and functions across the organization, such as EY’s Information Security, Risk Management, General Counsel’s Office (GCO), Service Line Quality, Talent, and client serving teams

Partnering with local and Global teams across the above Data Protection processes

Working with Service Line Quality teams to understand and recommend enhancements to service line policy or awareness efforts

Assisting in reporting on various data protection program activities to key stakeholders, including senior leaders within EY Service Line Quality, GCO, Risk Management, and others

Developing relationships across teams / functions

Maintains and expands knowledge of the field and communicates new developments to program stakeholders

Participates in other ad hoc projects as assigned

To qualify for the role you must have

Strong verbal and written communications skills, and the ability to interface and communicate effectively with all levels of EY personnel

Solid understanding of relevant firm business and data protection issues

Strong project management and problem-solving skills

Strong investigative mindset with ability to assess situations and determine impact

Proven ability to lead under pressure

Flexibility and initiative

Independent decision-making skills and discretion on when to escalate to senior members of the Americas Data Protection team

Ability to right-size risk

High degree of cultural and emotional intelligence

Ability to deliver tough messages to executive leaders

Strong organizational skills and ability to manage multiple tasks and deadlines in a fast-paced environment

Ability to train and supervise local or virtual teams

Ability to foster teamwork and maintain effective working relationships with internal clients / stakeholders

Responsiveness with ability to manage high workload volumes

Good working knowledge of information systems and common software

Experience with data protection technologies (e.g., Data Loss Prevention) preferred

Bachelor’s degree or equivalent work experience; Graduate degree preferred

4-6 plus years related experience

Ideally, you’ll have

Ability to reference existing firm data protection and privacy policies and propose solutions for complex situations

Strong knowledge of global, national, and local data protection laws and standards

Familiarity with other risk management initiatives outside of data protection

Understanding of high-level technology trends and data protection issues

Privacy certification from ISACA or IAPP (e.g., CIPP, CIPM, CDPSE)

What We Look For

We’re looking for people who can right-size risk and propose creative solutions to complex problems and take responsibility for complex Risk Management projects.

What We Offer You

EY offers a comprehensive compensation and benefits package, including a competitive base salary and Total Rewards. Our hybrid model expects most client-facing roles to work in person 40-60% of the time. We support flexible vacation and leave policies to support well-being.

EY is an equal opportunity employer. We provide reasonable accommodation to qualified individuals with disabilities, including veterans.

For more information about EY, visit our careers page. EY focuses on high ethical standards and integrity among its employees.

#J-18808-Ljbffr