Privacy & Data Compliance Specialist - USDS

We seek a highly motivated, experienced, and dynamic professional to join our team. This is an opportunity to work on the most innovative platform in the industry, strengthening security and privacy, in our mission to Inspire Creativity and Enrich Lives. The Privacy and Data Compliance Specialist plays an important role in advancing our privacy practices at USDS, through aligning USDS privacy practice with the global privacy compliance framework (PCF), working closely with global legal, R&D, Privacy and Data Protection Offices (PDPO) as well as USDS privacy operation teams. The ideal candidate will have a strong background in privacy compliance assessment, a deep understanding of privacy control mechanisms at the technical layers, and a passion for privacy considerations from an end-user perspective. Initially reporting to the Head of Privacy and Integrated Security, the reporting structure may evolve as the capability grows.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities
- Collaborate with global PDPO to ensure alignment with the global privacy compliance framework (PCF). Promote the global framework within USDS operating arms.
- Actively support privacy compliance assessments, identifying gaps in the alignment of operations with the global Privacy Compliance Framework (PCF), including privacy controls and safeguards across a broad spectrum of products.
- Based on identified gaps, draft and implement necessary policies, processes, and Standard Operating Procedures (SOPs) to formalize privacy practice and improve privacy operations at USDS, continuously improving USDS privacy posture while contributing to the broader global privacy framework.
- Build strong relationships with global and US stakeholders. Build rapport with R&D/PDPO and US privacy operations. Champion privacy best practices of global impacts and integrate them into USDS operations.
- Support privacy risk assessments with a focus on control implementation. Provide actionable recommendations to mitigate identified risks and enhance privacy compliance.
- Demonstrate empathy towards business and engineering cost considerations while advocating for robust privacy practices.
- Engage in special projects and additional responsibilities may be needed as the team expands and capabilities are enhanced.

Qualifications

Minimum Qualifications
- Major in information security, computer science, law or a related field. Candidates with significant relevant experience in security, privacy and data protection fields will also be considered in lieu of a formal degree.
- 3-5+ years of compliance experience. Excellent fundamental knowledge of industry standards frameworks (NIST Privacy Framework, ISO 27001, ISO/IEC 27701, NIST RMF, ISO 31000, IAPP guidelines, etc.)
- Must be able to adapt to the people, process and technology complexities in a large enterprise.
- Understand the laws and regulations of important countries, such as GDPR, CCPA, COPPA, etc..
- Familiar with PIA/DPIA methods, and able to propose practical and feasible privacy controls based on the results of privacy risk assessment, with considerations on business processes, technical solutions and capabilities.

Preferred Qualifications
- Experience presiding over GDPR/CCPA external compliance reviews, SOC2, ISO27001, ISO27701 system construction, data governance system construction, etc.
- Familiar with common technical features of mobile/web/server/data platforms of Internet platforms.
- Candidates who are familiar with data governance and data security technology solutions
- Certifications such as CIPT, CIPM, CIPP, CISSP, CRISC, etc.