Lead - Governance, Risk & Compliance

Overview

Location : San Francisco, CA

Responsibilities

• Lead the development, implementation, and enforcement of data privacy and ethics compliance strategies across the organization.
• Align the company\'s operations with global data protection regulations (e.g., GDPR, CCPA, HIPAA, etc.) and ethical standards.
• Design and update policies to reflect changes in data protection laws, ethical best practices, and emerging risks in the industry.
• Ensure that the organization\'s data handling, storage, processing, and sharing practices comply with relevant local and international data protection laws and regulations.
• Monitor and analyze changes in data privacy regulations and assist in adapting the organization\'s practices to remain compliant.
• Oversee the company\'s compliance with privacy rights, including handling data subject requests (e.g., access, correction, deletion requests).
• Conduct regular audits and assessments to identify potential compliance gaps and implement corrective actions.
• Identify and assess data privacy risks across all business units, including internal and third-party data processing practices.
• Develop and implement risk mitigation strategies for handling sensitive information and personal data.
• Collaborate with the security team to ensure data protection measures are in place and effective.
• Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to evaluate the potential impact of new projects, systems, or processes on data privacy.
• Provide recommendations on how to minimize risks to personal data during the development of new products or services.
• Develop and deliver training programs to raise awareness of data privacy policies, ethics standards, and compliance requirements across the organization.
• Provide guidance to employees on the ethical handling of data, promoting a culture of compliance and responsibility.
• Foster awareness of the organization\'s ethical standards, ensuring employees understand the importance of data privacy in day-to-day operations.
• Create, maintain, and update data privacy and ethics policies, ensuring they meet legal requirements and are easily accessible to relevant stakeholders.
• Ensure clear documentation of data processing activities, including data collection, sharing, storage, and retention practices.
• Regularly review and revise policies to ensure they reflect best practices and align with current regulations.
• Ensure that third-party vendors, partners, and service providers adhere to the organization\'s data privacy and ethical standards.
• Conduct regular audits of third-party contracts, ensuring data privacy clauses are present and being followed.
• Negotiate and implement data protection agreements with third-party vendors and ensure that adequate safeguards are in place when transferring data.
• Respond to data privacy incidents, breaches, or violations by leading investigations, reporting findings, and implementing corrective actions.
• Ensure compliance with breach notification requirements, including timely reporting to regulators and affected individuals when necessary.
• Work with legal and security teams to develop and implement incident response plans specific to data privacy breaches.
• Act as the main point of contact for all data privacy-related issues within the organization, including communication with executives, employees, regulators, and external stakeholders.
• Prepare and present regular reports on compliance status, data privacy incidents, and strategic initiatives to senior leadership.
• Advocate for and ensure that ethical considerations are integrated into business practices, particularly with regards to data usage, privacy, and security.
• Review the organization\'s operations and initiatives to ensure they align with corporate social responsibility (CSR) goals and ethical standards.
• Ensure the organization\'s use of data aligns with its stated values and commitment to protecting individuals\' privacy rights.
• Keep up to date with evolving data privacy laws, regulations, and ethical standards to ensure ongoing compliance. Participate in industry groups, attend conferences, and maintain professional certifications to stay ahead of trends and challenges in data privacy and ethics.

Requirements

#J-18808-Ljbffr