Lead - Governance, Risk & Compliance
Job in San Francisco, San Francisco County, California, 94199, USA
Listed on 2026-03-03
Listing for: Tephra
Full Time position
Job specializations:
- IT/Tech
  Data Security, Information Security
Job Description & How to Apply Below
Location: San Francisco, CA
Responsibilities:
1. Develop Data Privacy and Ethics Strategies:
• Lead the development, implementation, and enforcement of data privacy and ethics compliance strategies across the organization.
• Align the company's operations with global data protection regulations (e.g., GDPR, CCPA, HIPAA) and ethical standards.
• Design and update policies to reflect changes in data protection laws, ethical best practices, and emerging risks in the industry.
2. Regulatory Compliance:
• Ensure that the organization's data handling, storage, processing, and sharing practices comply with relevant local and international data protection laws and regulations.
• Monitor and analyze changes in data privacy regulations and assist in adapting the organization's practices to remain compliant.
• Oversee the company's compliance with privacy rights, including handling data subject requests (e.g., access, correction, deletion requests).
• Conduct regular audits and assessments to identify potential compliance gaps and implement corrective actions.
3. Risk Management and Mitigation:
• Identify and assess data privacy risks across all business units, including internal and third-party data processing practices.
• Develop and implement risk mitigation strategies for handling sensitive information and personal data.
• Collaborate with the security team to ensure data protection measures are in place and effective.
4. Privacy Impact Assessments (PIAs) & Data Protection Impact Assessments (DPIAs):
• Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to evaluate the potential impact of new projects, systems, or processes on data privacy.
• Provide recommendations on how to minimize risks to personal data during the development of new products or services.
5. Internal Training and Awareness:
• Develop and deliver training programs to raise awareness of data privacy policies, ethics standards, and compliance requirements across the organization.
• Provide guidance to employees on the ethical handling of data, promoting a culture of compliance and responsibility.
• Foster awareness of the organization's ethical standards, ensuring employees understand the importance of data privacy in day-to-day operations.
6. Policy and Documentation:
• Create, maintain, and update data privacy and ethics policies, ensuring they meet legal requirements and are easily accessible to relevant stakeholders.
• Ensure clear documentation of data processing activities, including data collection, sharing, storage, and retention practices.
• Regularly review and revise policies to ensure they reflect best practices and align with current regulations.
7. Third-Party and Vendor Management:
• Ensure that third-party vendors, partners, and service providers adhere to the organization's data privacy and ethical standards.
• Conduct regular audits of third-party contracts, ensuring data privacy clauses are present and being followed.
• Negotiate and implement data protection agreements with third-party vendors and ensure that adequate safeguards are in place when transferring data.
8. Incident Management and Breach Reporting:
• Respond to data privacy incidents, breaches, or violations by leading investigations, reporting findings, and implementing corrective actions.
• Ensure compliance with breach notification requirements, including timely reporting to regulators and affected individuals when necessary.
• Work with legal and security teams to develop and implement incident response plans specific to data privacy breaches.
9. Stakeholder Communication:
• Act as the main point of contact for all data privacy-related issues within the organization, including communication with executives, employees, regulators, and external stakeholders.
• Prepare and present regular reports on compliance status, data privacy incidents, and strategic initiatives to senior leadership.
10. Ethical Business Practices:
• Advocate for and ensure that ethical considerations are integrated into business practices, particularly with regard to data usage, privacy, and security.
• Review the organization's operations and initiatives to…