Privacy Operations Manager

Precision Medicine Group
Summary
Join Precision Medicine Group as a Privacy Operations Manager and operationalize our Privacy Program, ensuring compliance with global data protection regulations. Maintain and improve privacy processes, overseeing data subject access requests and incident response. Conduct privacy risk assessments and audits, and manage the Privacy Asset Owner Network. Develop and deliver privacy training programs, promoting a culture of privacy and data protection. Collaborate with IT and security teams to embed privacy controls in systems and processes. Track and report on privacy KPIs and metrics to senior leadership. This critical role requires strong knowledge of privacy regulations and IT technology, excellent communication and project management skills.
Requirements
- Bachelor's degree in Information Security, IT, Data Management or Privacy related field (Master's or JD preferred)
- 5+ years of experience in security, privacy, compliance, or data protection roles
- Strong knowledge of technical and organizational standards necessary for compliance with privacy regulations e.g., HIPAA, GDPR, CCPA, PIPIA
- Experience with IT technology and tools that can be leveraged for privacy management
- Excellent project management and communication skills
Responsibilities
- Implement and maintain privacy relevant procedures, processes as well as technical and organizational measures and standards
- Maintain and improve privacy processes, e.g. data onboarding, repurposing, retention or deletion, as well as data subject access requests, incident response, and privacy impact assessments (PIAs)
- Execute privacy relevant internal monitoring / audits against operational privacy requirements
- Oversee the intake, tracking, and fulfillment of data subject access requests (DSARs). Ensure timely and accurate responses in accordance with legal requirements
- Support QA and IT functions in the review of privacy incidents, allocating them to appropriate workflows and developing review standards, checklists and templates that facilitate quality-driven, efficient incident management
- Conduct privacy risk assessments and audits against risk matrix agreed with Head of Privacy and DPO, in particular for
- Support external privacy risk assessments and compliance reviews
- Maintain records of processing activities (RoPA) and data inventories, using these to generate privacy risk insights and suggest operational / process activities or relevant configurations
- Maintain and engage with the Privacy Asset Owner Network through relevant communication and periodic trainings, acting on support inquiries and ensuring Owners are supported in their Privacy Asset configurations and processes
- Develop and deliver privacy training and awareness programs across the organization, focusing on practical and operational privacy compliance
- Promote a culture of privacy and data protection
- Liaise with IT on available IT technology that could support privacy management, e.g. DLP, Smarsh, etc.
- Collaborate with IT and security teams to ensure privacy controls are embedded in systems and processes
- Track and report on privacy KPIs and metrics to senior leadership
- Prepare documentation for regulatory inquiries and audits
Preferred Qualifications
- Ability to work independently to suggest solutions, configurations, technology use cases and process improvements
- Strong analytical and problem-solving skills
- Ability to work in an organized and planned manner tracking progress against time
- Strong technical background and understanding of latest privacy relevant technology to act as interface between Legal and IT
- Familiarity with data governance and cybersecurity principles
- Experience working in a multinational or highly regulated environment
- Certifications such as CIPP/US, CIPM, or similar are a plus
Benefits
- Health insurance
- Retirement savings benefits
- Life insurance
- Disability benefits
- Parental leave
- Paid time off for sick leave and vacation
- Discretionary annual bonus