• Creating Data Flow diagrams capturing business processes and capabilities.
• Performing Supplier Assessments.
• Assessing risk and issuing recommendations.
• Monitoring compliance with regulations and internal policies in relation to the protection of personal data.
• Co-operating with regulatory authorities.
• Creating new policies, procedures and accountability frameworks.
• Reviewing third-party and data processor contracts in conjunction with Legal.
• Implementing data transfer agreements.
• Reviewing and providing advice on DPIA to business and IT stakeholders.
• Monitoring improvements to organizational and technical measures.
• Create and deliver training and awareness sessions.

Skills: Data Flow Diagram Creation, Supplier Assessment, Risk Assessment, Regulatory Compliance Monitoring, Policy Development, Contract Review, Data Transfer Agreements, Training Delivery

• Implementing and supporting the Vendor Privacy Assessment Process
• Ensuring assessments are completed on time
• Advising the business of any risks and ensuring these are documented
• Maintaining relationships with Security and Procurement teams to ensure the process runs effectively
• Assist and support the Privacy Compliance Manager in breach/non-compliance investigations
• Researching Global data protection laws to provide effective support for the business
• Creating materials and supporting in delivering face-to-face Privacy training and awareness for the business in key risk areas of marketing, HR, Sales and Operations
• Assessing and working with the business to ensure the web estate adheres to global privacy standards
• Assist in the development of guidance templates and the development of the internal portal to support the Privacy awareness communications plan
• Monitoring Compliance activities and effectiveness of internal controls by conducting assessments and audits
• Provide support for processing responses to rights requests

Skills: Vendor Risk Assessment, Regulatory Knowledge, Stakeholder Collaboration, Compliance Monitoring, Training Development, Risk Documentation, Web Compliance Assessment, Response Management

• Inform and advise GreenSlate global data privacy and security regulations (including but not limited to GLBA, GDPR, CCPA/CPRA, cross-border transfer, and emerging regulations)
• Communication and training of privacy and security regulation requirements
• Developing and implementing a robust compliance plan
• Ensuring privacy and data protection is taken into account ("by design") in services, products, and data architectures (including cloud)
• Collaborating with the relevant operational teams to ensure that Data Subject requests and complaints are addressed in a timely manner
• Data Loss Prevention (DLP) technology support, administration, and event handling
• Work with vendors to support the DLP technology (troubleshooting, upgrades, etc.)
• Understand and follow the incident response process through event escalations
• Monitor the industry landscape to keep visibility on evolutions, trends, and best practices related to Data Privacy.
• Use data anonymization, pseudonymization, and encryption to develop systems that preserve and improve privacy protections.
• Ensuring identification and classification of personal and other controlled data across the enterprise and in enterprise repositories

Skills: Regulatory Compliance, Privacy Training, Compliance Planning, Privacy by Design, Data Subject Requests, Data Loss Prevention (DLP), Incident Response, Data Classification

• Provide accurate and timely advice, guidance and training to the business on data protection and privacy-related matters to allow the business to follow the appropriate regulations and internal policies and standards.
• Lead the review of internal policies, guidance, and promotional literature, about any necessary references to data protection and privacy, to ensure we maintain compliance with legislation/regulation and group-wide standards.
• Provide advice on, and where appropriate lead the drafting of responses to Subject Access Requests under the Data Protection Act, liaising with the Information Commissioner’s Office (ICO) about data privacy complaints as necessary.
• Review privacy breaches and incident reports. 
• Advise and support Privacy Representative's (i.e nominated individuals within the business and BUCOs) investigations and resolution of privacy breaches, both within and outside business to ensure the business minimizes such events
• Monitor developments in relation to forthcoming European Data Protection regulation and advise on actions to assist implementation planning
• Produce and analyze data privacy-related management information, ensuring data privacy incidents and near misses are recorded in the Governance, Risk and Compliance (GRC) framework.
• Provide support to the wider compliance function as necessary in relevant administration tasks
• Working with key stakeholders on data privacy matters
• Coordinating and supporting the global Data Privacy Team in tasks
• Proactive research on global privacy regulations

Skills: Data Protection Advisory, Policy Review and Compliance, Subject Access Request Management, Incident Review and Response, Privacy Breach Investigation, Regulatory Monitoring, Data Privacy Reporting, Stakeholder Collaboration

• Fostering a data protection culture across the company
• Support the Information Security Risk Analyst, the Data Protection Officer and the wider Information Security and Privacy team
• Supporting the company in implementing the essential elements of GDPR
• Engaging with the relevant regulatory authorities for example the Data Protection Commission (DPC) on personal data breach reporting, complaints, and investigations
• Monitoring GDPR compliance across the company and reviewing documents that evidence Privacy by Design, including Records of Processing (ROPAs) and Data Protection Impact Assessments (DPIAs)
• Providing data protection advice to business areas across the group, including supporting data protection projects across the organization
• Providing advice on behalf of the DPO to the wider business from a data protection perspective
• Producing management information, communications, and ad-hoc reporting
• Acting as a point of escalation for the Data Protection Officer (DPO)
• Maintaining Policies and Procedures related to Data Protection and Security
• Managing the Data Protection mailbox (DPO)
• Monitoring privacy & risk compliance across all of the company's 3rd Parties
• Supporting the Information Security & Privacy team in identifying and managing IT and cyber security risks in an effective and efficient manner

Skills: Data Protection Culture Development, Regulatory Engagement, GDPR Implementation Support, GDPR Compliance Monitoring, Data Protection Advisory, Management Information Reporting, Policies and Procedures Maintenance, Cybersecurity Risk Management

• Experience in information risk management, compliance audit, or similar governance operations function
• Knowledge of key privacy laws and regulations such as GDPR, CCPA, CPRA, CDPA, and interest to stay up-to-date on privacy regulation developments
• Strong collaboration and partnering skills to influence and build working relationships that enable business results
• Strong analytical skills to weigh the costs and benefits of possible actions, examine risks, and identify the best course of action for the business
• Strong communication skills to engage with partners across all levels in the business
• Strong data analysis skills
• Experience in financial services or a highly regulated industry
• Experience in data management, data governance, or other data-intensive roles preferred
• Experience in enterprise risk management
• Knowledge and use of a Governance, Risk and Compliance system, such as Archer or ServiceNow GRC
• Familiarity with national and global industry practices and regulations in Privacy, Risk, and Security compliance, including CCPA/CPRA, VCDPA, CPA, GDPR, PIPL, China DSL, etc.
• Familiarity with Data Privacy Risk Management market tools

Qualifications: BA in Information Systems with 5 years of Experience

• Experience in security systems administration
• Experience with technical hands-on data protection practitioner experience.
• Familiarity with administering directory services, databases, role-based access, DLP, data classification and governance solutions.
• Familiar with regulatory requirements and laws such as Payment Card Industry (PCI), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA).
• Experience in one or more of the following frameworks such as ISO 17799, ITIL, NIST Cybersecurity Framework (CSF).
• Experience with one or more scripting languages (e.g., Python, PowerShell and Bash).
• Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
• Strong written and oral communication skills across varying levels of the organization.
• Understanding of data protection principles and control frameworks.
• Organized with the ability to prioritize and complete tasks within defined SLAs.
• Excellent judgment and the ability to make quick decisions when working with complex situations.

Qualifications: BS in Data Science with 4 years of Experience

• Ability to contextualize privacy requirements in communication with business stakeholders
• Ability to develop privacy-related awareness and organizational communications
• Experience managing data privacy initiatives in a global organization
• Ability to develop information-sharing governance with partnering business departments
• Ability to ensure privacy is included within the Incident Response and Business Continuity plans including related tabletop exercises.
• Ability to develop and maintain effective relationships with business stakeholders
• Experience in privacy, compliance or risk management
• Competent project management capabilities
• Proficient communication and continuous personal development
• Significant experience in maintaining effective relationships with business stakeholders
• Privacy-specific experience with privacy laws and regulations i.e., CCPA, PIPEDA, GDPR

Qualifications: BA in Cybersecurity with 3 years of Experience

• Understanding of Privacy principles, and experience with other Risk & Compliance topics
• Good understanding of GDPR, CCPA, and other global privacy regulations
• Solid communication and customer relationship skills
• Fantastic communication and customer relationship skills
• Strong collaboration and partnering skills with the ability to positively influence and motivate teams
• Ability to work in a fast-paced environment with minimal supervision
• Experience with cybersecurity or information technology practitioner experience.
• Experience with security systems administration with data protection management solutions
• Experience with endpoint, network or application security solutions.
• Ability to possess Information privacy certification(s) i.e., CIPP/US, CIPP/E
• Experience with privacy platforms and technologies

Qualifications: BS in Computer Science with 5 years of Experience

• Experience with a strong focus on data privacy, particularly compliance with the GDPR
• A high standard of technical knowledge in data privacy obligations under the GDPR.
• Experience fostering a data protection culture within the organization and helping to implement elements of the privacy program.
• Previous operational experience in using OneTrust
• Experience with CIPP/US, or CIPP/E
• Demonstrated organizational skills
• Critical thinking skills, attention to detail, and resourcefulness
• Strong interpersonal skills, organizational savvy and an ability to influence others
• Ability to think creatively to resolve issues
• Strong project management skills 
• Fluency in English, Japanese
• Strong written and verbal communication skills

Qualifications: BA in Information Technology with 2 years of Experience