ERT is looking to hire a Data Privacy Engineer to contribute, as part of the Data Privacy Team, to all ongoing activities related to the development, implementation, and maintenance of, and adherence to, the company's data privacy and security governance program. This person will be the technical advocate for privacy decisions and discussions across the company and will be relied upon to provide engineering and product teams with the privacy expertise necessary to make confident product decisions.
- Play a key role in driving architecture reviews, as well as global cross-company privacy reviews of products and services, aligned to ISO/IEC 27001, HIPAA/HITECH, and 21CFR Part 11 compliance.
- Conduct “privacy-by-design” technical reviews for new products and services, ensuring that data privacy impact assessments are completed where required and identifying any privacy concerns. Work closely with technical and non-technical teams, including R&D, Product Management, IT, and any other applicable stakeholders.
- Provide product teams with the guidance and best practices to help protect data subjects’ privacy and mitigate any risk.
- Work closely with IT-Security on “security-by-design,” ensuring that company-wide products and services define, implement, and document perimeter and internal network controls, host-based security controls, application access controls, and data access controls.
- Implements and manages the integration of privacy-software solutions used across the organization to support Program compliance.
- Under the direction of the DPO, in accordance with the Program monitoring schedule, perform on-going monitoring of all company business units; document the results and implement any corrective actions or remediations that may be required.
- Participate in internal and external data privacy audits, such as GDPR and HIPAA compliance.
- In collaboration with other Data Privacy Team members, ensure applicable privacy and security requirements are incorporated in Policies, SOPs, and other controls, implemented for a project, product, or platform.
- Act as a data privacy and compliance liaison, under the direction of the DPO, to the business, to ensure compliance with applicable data protection laws, such as GDPR, CCPA, and HIPAA.
- Under the direction of the DPO, develops Program report metrics, e.g. against data privacy impact assessments, to aid the DPO in presenting Program metrics to the executive management team.
- Maintains all related Program data in the central database to ensure that accurate and concise information is obtained and captured to allow reporting of Program-related obligations.
- Provides general support and assistance to the DPO, when necessary, including filing, generating outgoing correspondence, archiving, and any other privacy and security-related projects necessary to support the Program.
- Participates in meetings with the Data Privacy Team, and other departmental meetings, as needed.
OTHER DUTIES AND RESPONSIBILITIES:
- Serve as an internal advisor, to the business, to efficiently (and effectively) manage internal (and external) data privacy inquiries.
- Provide any due diligence support required for external vendors, including review of any required data privacy impact assessment checklist(s) and full assessment.
- Stay abreast of global privacy legislation and regulatory requirements.
- Provides other support, as deemed necessary by the DPO.
The duties and responsibilities listed in this job description represent the major responsibilities of the position. Other duties and responsibilities may be assigned, as required. ERT reserves the right to amend or change this job description to meet the needs of ERT. This job description and any attachments do not constitute or represent a contract.
- B.S. or M.S. in Computer Science, Information Systems, or related field or equivalent experience.
- Demonstrated technical knowledge of architecture reviews, aligned to ISO/IEC 27001, HIPAA/HITECH, and 21CFR Part 11 compliance.
- Possession of one or more advanced professional privacy or security certifications related to chosen discipline (e.g. CIPP, CISSP, etc.) is highly desired.
- 4+ years of work experience in privacy engineering or security engineering.
- Demonstrated experience working with IT, Security, and R&D teams to achieve a coordinated privacy and security practice.
- Experience working in a highly-regulated industry, ensuring compliance with GDPR, CCPA, HIPAA and other regulatory requirements.
- Experience communicating highly-technical concepts to a non-technical audience.
- Have defined, documented, implemented, and established privacy policies and procedures across the organization.
- Ability to manage and communicate with multiple stakeholders in a fast-paced work environment.
- Effective organizational, analytical, confidentiality, multi-tasking, and time management skills.
- Strong presentation skills, particularly in the development of professional and thoughtful materials.
- Excellent judgment, attention to detail, communication and direct customer skills, plus the ability to work as part of a team, as well as an individual contributor.
- Must be able to travel both domestically and internationally (~10-15%).
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.