Education equivalent to Bachelor's Degree in Information Technology or the equivalent in related experience; Experienced privacy professionals preferred (Privacy consulting, CIPP, CIPM, CIPT); a J.D. or M.S. in Information Security is a plus.
Working knowledge of global data protection laws and regulations, including General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Information Protection and Electronic Documents Act (PIPEDA), etc.
Strong leadership abilities, with the capability to develop and guide IT team members and operations personnel, and work with minimal supervision.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Two to five (2-5) years of experience as a privacy analyst or equivalent experience.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Knowledge of data protection, security, privacy, data governance, and data lifecycle methodologies and concepts.
Familiarity with compliance regulations, IT, security frameworks and standards (i.e., NIST 800-X, ISO/IEC 27001, HIPAA, PCI, SOX).
Experience with Data Protection or Data Governance tools (e.g., risk analysis, data discovery, data mapping, data lineage, data loss prevention).
Experience working with legal, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards and guidelines.
Project Management or Audit training / certification an asset.
Is it important that you work for a reputable and environmentally-conscious company? Are you driven by making a positive impact in a dynamic and flexible environment? Do you get excited about the opportunity to drive process improvements? If so, Stericycle is just what you're looking for! Apply now to start the conversation and become our Newest Team Member!
Data protection refers to the practices, controls, and requirements for safeguarding personal information from compromise, corruption, or loss. It aims to strike a balance between individual privacy rights while still allowing data to be used for business purposes. The importance of data protection increases as the amount of data created and stored continues to grow at exponential rates.
This position will work with the VP, Data Protection to build and implement a global privacy program and execute the supporting processes. This role will also support ongoing information governance initiatives, such as data retention and data classification.
Key Position Activities:
1) Work closely with business and technology departments to conduct privacy risk assessments, as well as to remediate identified risks for continuous privacy improvement.
2) Support the organization's efforts to monitor, educate on, and promote compliance with all federal, state, and international privacy requirements.
3) Support the data breach response plan and process.
4) Guide business and technology departments in the creation and maintenance of records of processing.
5) Support the fulfillment of data subject access requests.
6) Coordinate the creation and maintenance of privacy legal documentation.
7) Build and maintain effective working relationships with internal and external stakeholder groups.
8) Participate in data protection and information governance projects and initiatives.
9) Aid in the development of compliance-based metrics and reporting mechanisms to track privacy and data incident concerns as reported into or otherwise identified by compliance.
10) Support the organization's data classification efforts.
Stericycle is a global provider of specialized medical and hazardous waste management and secure information services for healthcare organizations and commercial businesses.