The Global Governance, Security and Privacy (G-GSAP) team is responsible for developing, implementing, and administering Catalina’s global security, privacy, and data governance compliance programs. With data governance, security, risk and privacy concerns so prevalent, Catalina’s GSAP organization’s mission is to protect Catalina’s brand by identifying and reducing risk across the enterprise to improve: data quality, levels of privacy, cybersecurity, and resilience. GSAP will identify data use issues, risks, recommend solutions, and handle investigations, breaches, and incidents to ensure Catalina’s data is of high fidelity and that there is a trusted and private environment that provides Catalina and Catalina clients the freedom to innovate, grow, pursue strategic goals, and to do business anywhere and anytime.
This position will report to the VP, Security and Privacy (Chief Information Security Officer/Chief Privacy Officer).
- The role is focused on privacy (70%), with the remainder focused on information security (10%) and management (20%).
- Successful candidate will join a team of highly qualified individuals who collaborate and support each other.
- Candidate will have the opportunity to grow their knowledge not only in privacy but also security and data governance.
- Lead a small team of privacy analysts; responsible for hiring, training, and empowering the team to successful outcomes.
- Develop and manage a privacy program for consumer and personal data/personal information; and deploy required resources, policies, and procedures.
- Evaluate, lead, and ensure global compliance for GDPR, CCPA, and other applicable privacy laws.
- Monitor and respond to regulatory changes through regular review and revision of policies/documentation and internal procedures, ensuring compliance with global privacy laws.
- Work with operations and product development teams to ensure company products comply with applicable privacy laws and follow the concept of privacy by design.
- Oversee data mapping and lead privacy audit activities via OneTrust platform.
- Act as subject matter expert for all data privacy related tools and applications, including the OneTrust platform.
- Collaborate with DPOs and security champions to ensure alignment across the global privacy program.
- Stay up-to-date on GDPR, APPI, CCPA, and other relevant privacy regulations.
- Through analysis, deliver guidance to ensure consumer experiences and internal data collection are consistent with Catalina’s privacy principles as well as applicable laws.
- Review and update Catalina’s Privacy Notice.
- Review, comment, and coordinate on contracts, security assessments/questions, DPIAs and other such tasks that align to information security and privacy.
- Evaluate and authorize any release of customer information and data, whether externally or for internal (affiliate) use, in strict conformance with the law.
- Perform or oversee second level review of all privacy related issues, requests, & complaints.
- Oversee the Data Subject Rights (DSR) process; oversee and track completion and compliance within timelines.
- Encourage privacy best practices through consistent analysis, feedback, & follow-through with external teams.
- Periodically review Catalina’s information systems to monitor for privacy compliance.
- Work with other members of the GSAP leadership team to ensure alignment between security and privacy compliance programs including policies, practices, investigations, training, and awareness and act as a liaison to the information systems department.
- Develop, inform, and deliver privacy training to Catalina employees and, in some cases, vendors.
- Oversee the Data provider due diligence process.
- Participate in breach preparedness training and readiness tests and support the investigation of any potential breach incidents, including remediation.
- Support business initiatives regarding digitalization and mobility by ensuring proper privacy measures are implemented in the business solutions and related commercial contract terms.
- Embed security and privacy by design into all relevant processes and procedures; review proposed solutions and recommend the risk appropriate security direction, or acceptable alternatives.
- Member of the incident response team; help troubleshoot and remediate incidents.
- Establish and maintain a mechanism to track access to and use of PII, NPPI and other sensitive data as required by law, and to allow qualified individuals to review or receive a report on such activity.
- Review and provide input into compliance courses on the internal Learning Management System tool.
- Serve as primary point of contact from Legal and internal audit for any internal or external requests.
- Liaise with country, federal, and state regulators/supervisory authorities, as needed.
- Liaise with other team members and with the Legal department to maintain subject matter expertise, contribute to team knowledge, and maintain consistency with our business partners.
- Expected travel 15% or less
- Bachelor’s Degree or other degree demonstrating focus on the intersection of technology, compliance, or policy
- Experience with OneTrust; ability to drive efficiency and ensure maximum implementation
- IAPP Certification obtained within 18 months of hire
- Minimum of 5 years related experience of which 3 years is privacy experience
- Proven people leadership experience or a minimum of 5 years of privacy experience and on a management track (i.e. served in a lead capacity)
- Knowledge of GDPR, APPI, HIPAA, CCPA, and other privacy regulations; experience with compliance such as internal or external audit
- Must have foundational understanding of security controls, frameworks
- Experience implementing privacy and risk management frameworks at department and enterprise levels
- Experience working with Information Technology teams
- Experience working with global teams and adapting to potential cultural differences to deliver communications and effectively execute deliverables
- Experience working with, and influencing, business leaders in promotion of consistent practices and policy
- Strong ability to communicate the importance of privacy by design as a business differentiator and core value, beyond legal compliance
- Must be able to speak, read, and write English; effective verbal and written communication skills
- Ability to successfully drive projects in collaboration with multiple stakeholders
- Adaptable to change and ambiguity; ability to work independently without direct supervision
- Excellent client relationship skills at the project leadership level, demonstrated effective teamwork, and a track record of consistently exceeding goals
- Ability to attract, retain, engage and develop teams in a fast-paced, transformational environment
- Ensure there is a focus on accountability and performance, with clear line of sight between organization strategy and individual goals
- Without fail, embody Catalina values
Catalina is a recognized leader in highly targeted, personalized digital media that drives, tracks and measures sales lift for leading CPG retailers and brands. Powered by the most extensive shopper database in the world, Catalina's mobile, online and in-store networks personalize the consumer's path to purchase, delivering $7.9 billion in relevant consumer value each year. Catalina has no higher priority than ensuring the privacy and security of the data entrusted to us and maintaining the consumer trust paramount to the continued success of our business partners and Catalina. Based in St. Petersburg, FL, Catalina has operations in the United States, Europe and Japan. To learn more, please visit www.catalina.com or follow us on Twitter @Catalina.
The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform other job-related tasks other than those specifically included in this description.
All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.