Audit & Compliance Privacy Lead

Randstad Technologies
Glen Mills, PA 19342

The Privacy Officer is responsible for the organization's Privacy Program (GDPR) including, but not limited to, daily operations of the program; development, implementation, and maintenance of policies and procedures; monitoring program compliance; and investigation and tracking of incidents and breaches in accordance with the GDPR (General Data Protection Regulation). The Privacy Officer is also the privacy lead for the Privacy Shield program.

The incumbent works closely with the other internal groups, leadership and member firm technology teams to ensure privacy policies and procedures are incorporated in all applicable processes. He/she is the service delivery owner and is accountable for maintaining all GDPR and Privacy policies and procedures.

This Lead Privacy role requires mastery-level skills that enable the individual to deliver a high level of service to the business and to meet the service management expectations of a highly available, agile infrastructure. Mastery knowledge of core, specialized and technical competencies is required, along with a very solid understanding of an enterprise IT infrastructure operational environment. The incumbent should be a subject matter expert in Information Security processes and standards. In addition, the incumbent should possess knowledge of the Information Technology Infrastructure Library (ITIL) and IT Service Management (ITSM).

Role Specific Responsibilities

  • Builds a strategic and comprehensive privacy program (in accordance with the Privacy Office) for the company that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected information across all media types.
  • Works with organization senior management, security, and corporate compliance officer to establish governance for the GDPR program.
  • Ensures privacy policies, standards, and procedures are up-to-date.
  • Collaborates with information security and the privacy office to ensure alignment between security and privacy compliance programs, including policies, practices and investigations.
  • Establishes, with the information security officer and the privacy office, an ongoing process to track, investigate and report inappropriate access and disclosure of protected information. Monitors patterns of inappropriate access and/or disclosure of protected information.
  • Performs or oversees initial and periodic data privacy risk assessments and analysis, mitigation and remediation.
  • Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
  • Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
  • Participates in the development, implementation, and ongoing compliance monitoring of all business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
  • Manages all required breach determination and notification processes under GDPR rules and requirements.
  • Establishes and administers a process for investigating and acting on privacy and security complaints.
  • Performs required breach risk assessment, documentation, and mitigation.
  • Serves as the information privacy resource to the organization regarding release of information and to all departments for all privacy-related issues.
  • Ensures awareness, training and compliance with all Privacy policies and procedures.

Knowledge Sharing / Documentation

  • Collate data and produce and distribute daily and monthly operational reports on Privacy activities.
  • Contribute to, produce and maintain processes, procedures and operational documentation, and drive continual improvement initiatives related to the GDPR and PIA process.
  • Work with CTO leadership and applications teams in reviewing new GDPR documentation as it becomes available.
  • Ability to explain the GDPR in plain business language for consumption by business leaders, practitioners and client engagement team leaders. Level of knowledge, confidence and finesse to represent IT security in meetings with senior leaders.

Education (degree): Bachelor's Degree in Computer Science or another technology subject, or equivalent industry experience. Master's Degree a plus.

Years of Experience: 10 plus years in a large global enterprise environment (ideally Microsoft-based), at least 8-10 years of information security and 5 or more years of audit experience managing and leading various audit processes. The candidate must have a strong Service Management and/or Security background.

Excellent communication and leadership skills.

Technical Skills

  • Proven experience with ISO and SOC 2. Additional experience with HIPAA and Privacy Shield is a plus.
  • Advanced understanding of and recent experience with the ISO 27000 family of standards, including (but not limited to): ISO 27001 requirements (clauses 4-10) and ISO 27002 control guidance, ISMS methodology implementation, solution design and process design.
  • Risk treatment management and corrective action planning.
  • Core Microsoft infrastructure applications, including but not limited to: Microsoft Windows Server Operating System, Exchange, IIS, SQL, System Center and other applications as deployed by the firm.
  • Demonstrated ability to influence decision-making through high-level analysis and interpretation of data from multiple sources. Ability to critically analyze results to detect data errors, anomalies or conflicts.
  • Executes design activities and establishes standards / leading practices for service design activities.
  • Demonstrated knowledge of and strong interest in keeping abreast of Information Technology Service Management trends, directions and emerging technologies, including systems/technologies integration and design/architecture.
  • Strong understanding of service processes and frameworks/standards such as CMMI, MOF and COBIT.

Other Qualifications

  • Professional Qualifications are preferred, including:

    • ISO 27001 Lead Implementer and/or Lead Auditor
    • PMP
    • CISSP or CISM certification
    • CISA


Randstad utilizes a technology-driven focus with a human touch to provide better staffing and business solutions to organizations around the world. Our team of experts matches professionals with available career opportunities in a variety of fields.
