This content was reproduced from the employer’s website on February 7, 2023. Please visit their website below for the most up-to-date information about this position.
What can you tell your friends when they ask you what you do?
I am responsible for working on risk and compliance programs, conducting data privacy risk assessments, identifying non-compliance issues, reporting on compliance and risk levels, responding to external compliance requests, and collaborating with cross-functional partners to manage remediation activities. The mission of this position is to assist in the execution of a Security and Privacy Compliance program that will proactively reduce security, privacy, and compliance risk to the organization.
You will be responsible for and take pride in…
● Implementing compliance controls, risk assessment frameworks, and programs to align the organization to regulatory requirements to ensure documented and sustainable compliance
● Conducting investigations and analyses to determine the nature and scope of compliance and privacy concerns, devising effective and efficient solutions, and driving solution implementation based on risk
● Administering risk and compliance training programs and attestations
● Performing data privacy risk and impact assessments and data mapping exercises
● Analyzing risk and compliance impact on new products and technologies through vendor onboarding
● Monitoring and maintaining control status in ISMS.online and OneTrust, following up with control owners for updates, supporting completion of internal goals, and providing regular reporting to management on status
● Reviewing ISO 27001/27701 program compliance
● Reviewing and responding to the third party due diligence questionnaires and data subject requests
● Reporting to management on risk and compliance metrics
● Drafting, updating, and maintaining process documents
● Participating in projects to enhance data.ai’s privacy and compliance program, including the development, measurement, and monitoring of key performance and key risk indicators
You should recognize yourself in the following…
● BS or MS in computer science, information security, or equivalent experience
● 2+ years experience in analyzing security and/or privacy risk and compliance
● CISSP, CISA, CISM, CRISC, or equivalent experience preferred or working to obtain such certifications
● Experience researching security and privacy requirements and regulations (GDPR, CPRA, etc.)
● Experience with auditing security and working with internal and external auditors, including ISO 27001/27701
● Experience in completing third-party risk assessments
● Knowledge of and passion for security general computer controls
● Experience as an internal or external auditor preferred
● Exceptional project management, attention to detail, communication, problem-solving skills, a strong sense of ownership, and an innovative mindset
● Ability to work on multiple assignments simultaneously and effectively prioritize work
● Ability to work across multiple time zones for a global company; primarily Pacific US