Description:
Location: San Francisco, CA
Responsibilities:
1. Develop Data Privacy and Ethics Strategies:
•Lead the development, implementation, and enforcement of data privacy and ethics compliance strategies across the organization.
•Align the company's operations with global data protection regulations (e.g., GDPR, CCPA, HIPAA, etc.) and ethical standards.
•Design and update policies to reflect changes in data protection laws, ethical best practices, and emerging risks in the industry.
2. Regulatory Compliance:
•Ensure that the organization’s data handling, storage, processing, and sharing practices comply with relevant local and international data protection laws and regulations.
•Monitor and analyze changes in data privacy regulations and assist in adapting the organization’s practices to remain compliant.
•Oversee the company’s compliance with privacy rights, including handling data subject requests (e.g., access, correction, deletion requests).
•Conduct regular audits and assessments to identify potential compliance gaps and implement corrective actions.
3. Risk Management and Mitigation:
•Identify and assess data privacy risks across all business units, including internal and third-party data processing practices.
•Develop and implement risk mitigation strategies for handling sensitive information and personal data.
•Collaborate with the security team to ensure data protection measures are in place and effective.
4. Privacy Impact Assessments (PIAs) & Data Protection Impact Assessments (DPIAs):
•Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to evaluate the potential impact of new projects, systems, or processes on data privacy.
•Provide recommendations on how to minimize risks to personal data during the development of new products or services.
5. Internal Training and Awareness:
•Develop and deliver training programs to raise awareness of data privacy policies, ethics standards, and compliance requirements across the organization.
•Provide guidance to employees on the ethical handling of data, promoting a culture of compliance and responsibility.
•Foster awareness of the organization’s ethical standards, ensuring employees understand the importance of data privacy in day-to-day operations.
6. Policy and Documentation:
•Create, maintain, and update data privacy and ethics policies, ensuring they meet legal requirements and are easily accessible to relevant stakeholders.
•Ensure clear documentation of data processing activities, including data collection, sharing, storage, and retention practices.
•Regularly review and revise policies to ensure they reflect best practices and align with current regulations.
7. Third-Party and Vendor Management:
•Ensure that third-party vendors, partners, and service providers adhere to the organization’s data privacy and ethical standards.
•Conduct regular audits of third-party contracts, ensuring data privacy clauses are present and being followed.
•Negotiate and implement data protection agreements with third-party vendors and ensure that adequate safeguards are in place when transferring data.
8. Incident Management and Breach Reporting:
•Respond to data privacy incidents, breaches, or violations by leading investigations, reporting findings, and implementing corrective actions.
•Ensure compliance with breach notification requirements, including timely reporting to regulators and affected individuals when necessary.
•Work with legal and security teams to develop and implement incident response plans specific to data privacy breaches.
9. Stakeholder Communication:
•Act as the main point of contact for all data privacy-related issues within the organization, including communication with executives, employees, regulators, and external stakeholders.
•Prepare and present regular reports on compliance status, data privacy incidents, and strategic initiatives to senior leadership.
10. Ethical Business Practices:
•Advocate for and ensure that ethical considerations are integrated into business practices, particularly with regard to data usage, privacy, and security.
•Review the organization’s operations and initiatives to ensure they align with corporate social responsibility (CSR) goals and ethical standards.
•Ensure the organization’s use of data aligns with its stated values and commitment to protecting individuals' privacy rights.
11. Stay Informed and Up-to-Date:
•Keep up to date with evolving data privacy laws, regulations, and ethical standards to ensure ongoing compliance.
•Participate in industry groups, attend conferences, and maintain professional certifications to stay ahead of trends and challenges in data privacy and ethics.
Requirements:
*Minimum of 10 years of total experience
1. Educational Background:
•Bachelor’s or Master’s degree in Law, Information Security, Business Administration, or a related field.
•Certification in data privacy (e.g., CIPP, CIPM, or equivalent) or legal qualifications related to compliance (e.g., JD, LLM).
2. Technical Skills:
•In-depth knowledge of data privacy laws and regulations, including GDPR, CCPA, HIPAA, and other global data protection regulations.
•Experience with privacy and compliance tools, risk management platforms, and privacy impact assessments.
•Familiarity with security technologies and practices used in data protection (encryption, access controls, etc.).
•Understanding of ethical frameworks in business operations, including corporate social responsibility (CSR) and sustainability goals.
•Strong understanding of corporate ethics standards, data ethics, and the importance of responsible data handling.
•Knowledge of ethical AI and the implications of data usage in machine learning and AI models.
3. Soft Skills:
•Excellent communication skills, both written and verbal, to clearly explain complex privacy concepts to both technical and non-technical stakeholders.
•Strong analytical and problem-solving skills to evaluate risks and create practical solutions.
•Ability to manage sensitive and confidential information while maintaining the highest ethical standards.
•Strong organizational and project management skills, with the ability to manage multiple compliance initiatives and tasks simultaneously.
•Leadership and the ability to influence others to adopt a data privacy culture.
4. Experience:
•10+ years of experience in data privacy, compliance, legal, or ethics roles, ideally within a technology, finance, healthcare, or large enterprise environment.
•Experience with data protection frameworks, audits, and certifications (e.g., ISO 27001, SOC 2).
•Familiarity with data management and security best practices.
•Experience working in a cross-functional environment and interacting with various departments, including IT, legal, security, and operations.
5. Preferred Qualifications:
•Experience with managing data privacy in a multi-jurisdictional, international environment.
•Expertise in handling data privacy in emerging technologies like AI, IoT, and blockchain.
•Certification or membership in professional organizations such as the International Association of Privacy Professionals (IAPP).
•Knowledge of privacy-enhancing technologies (PETs) and their application in data protection.
6. Work Environment:
•Collaborative and fast-paced work environment.
•Opportunity to work with state-of-the-art technologies.
•Supportive and dynamic team culture.