Sr. Manager/Director Level Privacy Officer (Contractor)
The Global Security and Privacy (GSAP) team is responsible for developing, implementing, and administering Catalina’s global security and privacy compliance program. With security, risk and privacy concerns so prevalent, Catalina’s GSAP organization’s mission is to protect Catalina’s brand by identifying and reducing risk across the enterprise to improve levels of privacy, cybersecurity, and resilience. GSAP will identify risks, recommend solutions, and handle investigations, breaches, and incidents to ensure Catalina has a trusted and private environment that provides Catalina and Catalina clients the freedom to innovate, grow, pursue strategic goals, and to do business anywhere and anytime.
CLIENT is seeking a senior privacy SME for a 6-month contractor role. This person will be responsible for developing and leading CLIENT’s global personal and consumer privacy strategy, with a specific focus on the U.S. The position will develop and implement a privacy program that aligns with new privacy laws such as CCPA. This position reports directly to the Chief Information Security & Privacy Officer. The primary location for this position is St. Petersburg, FL.
WHAT YOU WILL BE DOING
- Develop and manage a privacy program for consumer and personal data/personal information; and deploy required resources, policies, and procedures.
- Evaluate, lead, and ensure global compliance for GDPR, CCPA, and other applicable privacy laws.
- Monitor and respond to regulatory changes through regular review and revision of policies/documentation and internal procedures, ensuring compliance with global privacy laws.
- Modify/morph the current vendor management program into a third party compliance program to ensure that all agreements have appropriate data security and privacy terms.
- Work with operations and product development teams to ensure company products comply with applicable privacy laws and follow the concept of privacy by design.
- Review data mapping and lead privacy audit activities via OneTrust platform.
- Provide strategic direction to DPOs and security champions to ensure alignment across the Privacy program.
- Stay up-to-date on GDPR, APPI, and other relevant privacy regulations.
- Through analysis, deliver guidance to ensure consumer experiences and internal data collection are consistent with Catalina’s privacy principles as well as applicable laws.
- Review and update Catalina’s Privacy Notice.
- Review, comment, and coordinate on contracts, security assessments/questions, DPIAs and other such tasks that align to information security and privacy.
- Evaluate and authorize any release of customer information and data, whether externally or for internal (affiliate) use, in strict conformance with the law.
- Performs or oversees second-level review of all privacy-related issues, requests, & complaints.
- Handles all Data Subject Rights (DSR) requests; oversees & tracks completion and compliance within timelines.
- Encourage privacy best practices through consistent analysis, feedback, & follow-through with external teams.
- Periodically review Catalina’s information systems to monitor for privacy compliance
- Works with other members of the GSAP team to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison to the information systems department.
- Develops, informs, and delivers privacy training to Catalina employees and, in some cases, vendors.
- Provide guidance and recommendations, and support the Vendor Assurance process, when needed, for vendor due diligence.
- Participates in breach preparedness training and readiness tests and supports the investigation of any potential breach incidents, including remediation.
- Support business initiatives regarding digitalization and mobility by ensuring proper privacy measures are implemented in the business solutions and related commercial contract terms
- Security and privacy by design; reviews proposed solutions and recommends the right security direction, or acceptable alternatives.
- Member of the incident response team; helps troubleshoot and remediate incidents.
- Establish and maintain a mechanism to track access to and use of PII, NPPI and other sensitive data as required by law and to allow qualified individuals to review or receive a report on such activity
- Review and provide input into compliance courses on the internal Learning Management System tool.
- Serve as primary point of contact from Legal and internal audit for any internal or external requests.
- Liaise with country, federal, and state regulators/supervisory authorities, as needed.
- Liaise with other team members and with the Legal department to maintain subject matter expertise, contribute to team knowledge, and maintain consistency with our business partners.
WHAT YOU BRING TO THE TEAM
- Bachelor’s Degree in Computer Science, Engineering, or other degree demonstrating focus on the intersection of technology, compliance, and policy, with 5 years relevant professional experience accepted in lieu of a degree.
- IAPP Certification
- 8 years of privacy experience
- Knowledge of CCPA, GDPR, APPI, and other privacy regulations that are in flight throughout the US states
- Must have a foundational understanding of security controls and frameworks
- Knowledge of risk management, internal control principles, process control/improvement, & DR/BCP
- Experience implementing privacy and risk management frameworks at department and enterprise levels
- Experience working with Information Technology teams
- Experience working with, and influencing, business leaders in promotion of consistent practices and policy
- Strong ability to communicate the importance of privacy by design as a business differentiator and core value, beyond legal compliance
- Must be able to speak, read, and write English; effective verbal and written communication skills
- Ability to successfully drive projects in collaboration with multiple stakeholders
- Adaptable to change and ambiguity; ability to work independently without direct supervision
ADDITIONAL PREFERRED SKILLS
- Master’s degree or JD
- Security certification such as CISSP, CISA, CISM
- Ability to speak and/or read a second language such as German, Japanese, Italian
CATALINA CORE VALUES
Be a trusted partner: Act with integrity and positive intent
Focus on the customer: Keep the needs of both internal and external customers as well as consumers front and center
Act like an owner: Think holistically about how your role helps fulfill our Mission
Be innovative: Share and scale the best ideas regardless of origin
Strive for simplicity: Add meaning and eliminate complexity
Value personal and professional growth: Contribute to an environment that enables individual, team and organizational success
The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform job-related tasks other than those specifically presented in this description.
All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.
Note to Recruiters and Placement Agencies: We do not accept unsolicited resumes from outside recruiters/placement agencies. Catalina will not pay fees associated with resumes presented through unsolicited means.