Advyz - Privacy Consulting Manager
We are currently seeking a U.S. / Global Privacy subject matter advisor to lead and oversee privacy-related projects for clients. Working closely with Entisys360/Advyz senior leadership and client senior leadership, you will work with cross-functional product teams throughout client organizations, including sales, marketing, development, information technology, digital, etc.
As the Privacy subject matter advisor you will be responsible for the assessment, design & build, operationalization, and audit / monitoring of local, regional, and global privacy programs for our clients.
You will work to ensure that all products originating from, and operated by, the client(s) meet the enterprise standards for global privacy requirements (e.g. General Data Protection Regulation (GDPR)), associated advisories (e.g. Health Insurance Portability and Accountability Act (HIPAA)), state privacy requirements (e.g. California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other similar state legislation), and other regulatory requirements with domain requirements such as notice, choice and consent, privacy by design, data subject rights, data protection and security standards, privacy incident response, and third party risk management.
Keys to the ideal candidate’s success will include a strong drive for results, deep interpersonal skills, the ability to operate in an organization with diverse cultural norms, a consistently positive attitude, and comfort managing and coordinating cross-functional teams, including those with strongly held beliefs and in senior corporate positions. The ideal candidate will have strong business acumen and familiarity with the health care provider industry as well as other industries. Additionally, they will be able to understand and prioritize competing user stories, doing the right thing for the right reason, regulatory requirements, corporate culture, and the possibility of reputational and/or financial harm. They should also have strong organization and planning skills with a consistent track record of delivering commitments on time.
As a dynamic and entrepreneurial consultancy, Entisys360 offers ample opportunities for professional development and growth suited to each individual’s personal and professional goals. We offer internal, and subsidize external, trainings, and reimburse the cost of technology certification exams and / or renewals. Our family-owned business sees work-life fit as a core value that all of our practitioners practice – the value you add to your team is more important than the time that you ‘clock in and out.’ As a small boutique consultancy, we offer you numerous opportunities to interface with senior leadership and to benefit from mentorship internally and / or introductions through external networks to support your growth.
The work you will do for our clients
- Interface with business unit compliance, information security, architecture, engineering, and infrastructure teams to capture and present requirements specific to patient/consumer permissioned data while enabling opportunities across the enterprise
- Focus on the U.S. health care, consumer, and global regulatory requirements specific to the collection and protection of personally identifiable information / personal data along with primary and secondary use requirements
- Manage third party risk(s) and negotiate data requirements with third party providers
- Manage data provider relationships specific to the consumer permissioned data platform, including business associate agreements (BAAs)
- Analyze relevant business unit documents to create clear business and technical requirement specifications
- Analyze the technical and product requirements from a privacy perspective
- Ensure complete and current documentation of data sources, connections, and standards
- Support backlog prioritization and roadmap prioritization
- Provide analysis to support resource and financial planning
- Drive functional requirements with technical teams wrestling with product issues through to resolution
- Perform interviews and conduct workshops to dissect current state operations
- Apply risk management and information governance principles to our client’s data privacy and information protection environments
- Conduct research and analysis to maintain current knowledge of global data privacy regulations such as GDPR, PIPEDA, HIPAA, CCPA, VCDPA, CPRA, CMIA, Mass 201, etc.
- Support the execution of privacy maturity and risk assessment remediations
- Support the implementation of data privacy compliance processes
- Support data breach response planning and playbook development
- Guide clients through risk management and control implementation efforts
- Review and implement draft policies, standards, and other data privacy guidance documents and implement the policies within the organization
- Draft reports and deliver client read-outs
The work you will do for our business
- Create methods, frameworks, and marketing and sales collateral to support sales of our privacy services
- Support pre- and post- sales meetings and presentations with our clients, including development of proposal decks and statements of work (SOW)
- Maintain awareness of industry trends and evaluate applicability of new regulatory directions
- Obtain certifications relevant to job function
- Deliver projects with excellence and a client experience focus
- Develop collateral including whitepapers and other materials
- Mentor and train junior consulting team members
Qualifications & Desired Skills
- A four-year degree with a preference for an advanced degree in Business, Technology, or a Juris Doctorate
- 5+ years in a consumer-focused company or with a consulting firm in a client-focused privacy role that included deep experience in healthcare, ecommerce, or technology where you were able to demonstrably enhance business operations
- One or more certifications by the International Association of Privacy Professionals (IAPP) including CIPP/US, CIPP/E, CIPM, FIP, etc.
- Understand, and be able to espouse, the specifics of global regulatory requirements including the EU General Data Protection Regulation (EU GDPR), the upcoming EU E-Privacy Regulation, HIPAA, CCMIA, Texas H&SC 181, CCPA, the Virginia Consumer Data Protection Act (VCDPA), CAN-SPAM, COPPA, and other similar U.S. and global regulatory requirements
- Experience in third party risk management including vendor due diligence and privacy-related vendor maturity / risk(s)
- Be able to voice insights on data compliance issues, etc.
- Ideally located in Southern California or expected travel up to 50% post COVID-19 travel restrictions
- Due to demands of our clients, we are presently implementing a COVID-19 vaccination policy that requires vaccinations for all employees