Senior Data Protection & Privacy Manager
San Francisco, CA

Job Description

Verisign, a global provider of domain name registry services and internet infrastructure, enables internet navigation for many of the world's most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. To learn more about what it means to be Powered by Verisign, please visit Verisign.com.

Verisign's Governance Risk and Compliance team is looking for a strong hands-on leader who will oversee the execution of the Data Protection and Privacy program, working with cross-functional stakeholder groups to appropriately identify, track, and manage data protection and privacy. The role will also serve as a liaison to the Verisign Data Protection Officer (DPO), ensuring the DPO's requirements are incorporated into the program. The Senior Manager - Data Protection & Privacy will be primarily responsible for maintaining the enterprise-wide data protection and privacy compliance framework including its guiding principles, policies and procedures, risk management processes, and awareness and training.

Primary Responsibilities:

* Develop, implement and oversee all aspects of a comprehensive, enterprise-wide data protection and privacy program; including conducting periodic risk assessments; developing and implementing associated policies, standards, procedures and guidelines; and developing and delivering training and education to the organization
* Collaborate with Verisign DPO to perform enterprise-wide General Data Protection Regulation (GDPR) audit, risk, and compliance efforts
* Serve as a subject matter expert to internal security, privacy, and compliance stakeholders on specific topics/issues to enhance the performance of the tools and processes to support General Data Protection Regulation (GDPR)
* Provide oversight to the data mapping activities to facilitate compliance with regulations such as GDPR, CCPA, etc.
* Maintain, update and complete data mapping for the in-scope data in the privacy tool implemented by Verisign
* Communicate and champion the data protection program and related policies, standards, and procedures
* Report to management about the effectiveness of data protection, and make recommendations for the adoption of new procedures or controls
* Identify key measurement criteria, mechanism for data collection and dissemination, and trend analysis for the enterprise-wide data protection and privacy program
* Collaborate with Verisign DPO and the Law Department to translate corresponding applicable laws and regulations into data protection requirements
* Collaborate with cross-functional stakeholder groups to develop data protection impact assessment methodologies across the teams

Required:

* 10 years of progressively responsible experience in information security governance, risk, compliance, and program management
* 10 years developing data protection policies, risk assessments and compliance programs
* 5 years of experience leading teams and managing others in a matrixed environment
* 3 years of experience in data protection and privacy program development, policy development and ongoing program management
* Bachelor's degree in computer science, or related field or equivalent work experience
* Experience designing and managing enterprise-wide data protection policies and compliance programs
* Experience in assessing data security, compliance, and privacy risks around emerging and existing technologies, regulations, and trends
* Knowledge of standards, laws and regulatory environment and impact on data protection and privacy requirements (GDPR, Privacy Shield, CCPA, etc.)
* In depth knowledge of information security standards, assessments and risk frameworks
* Ability to think through complex problems, determine proper analytical processes and procedures, independently derive conclusions, and present results to management
* Excellent written and oral communication skills
* Ability to summarize and communicate technical data to a non-technical audience
* Must be highly-motivated, with a strong work ethic, and able to work effectively under minimal supervision

Preferred:

* Professional security management or privacy certification preferred, such as a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Privacy Professional - Europe (CIPP/E), Certified Information Privacy Manager (CIPM), or Certified Information Privacy Technologist (CIPT)