Tech Risk Management

Description:

The Global Technology Chief Operating Office organization is seeking a Lead, Tech Risk Management- Privacy, who will collaborate with Global Technology’s various functional areas, individual business units/corporate functions, and other control functions to identify, mitigate, and improve areas of risk that may impact our organization. Reporting to the Global Technology Privacy Officer in the IT Operational Risk (ITOR) first line of defense, this role will help maintain the Global Technology Privacy program in line with the Company standards . In addition to deep expertise and experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.

Here is What You Can Expect on a Typical Day  

Facilitate Global Technology adherence to the company’s Privacy Program, HIPAA, and related programs, as applicable, as well as any local or business-specific privacy requirements
Perform first line of defense privacy activities and promote Privacy by Design related to Global Technology’s implementation ensuring adherence to privacy policies, procedures, standards, and requirements
Coordinate demand from product and service owners, ensure all activities are reflected on the Kanban with GT-aligned priorities, benefits, business value, dependencies and risks
Assist with the annual privacy risk self-assessment process, lead and conduct privacy impact assessments and HIPAA privacy assessments; all with an eye to ensuring that appropriate controls are in place to mitigate privacy risks within the business/corporate function
Collaborate with technology and business stakeholders to participate in reviewing and documenting projects and processes pertaining to the collection, use, storage, and disposal of Personal Information within the organization
Maintain Global Technology’s inventory and data mappings to identify all systems, business processes, repositories, and third parties, where personal information is used, stored, or accessed
Enable the Global Technology to identify, investigate, and remediate privacy incidents (including privacy breaches) in a timely manner consistent with legal requirements, apply a lesson learned approach and ensure the Privacy incident platform is updated timely
Report on privacy incidents, operational risk events relating to privacy and key risk indicators occurring within Global Technology, and identity and follow up on privacy issues and action plans with the ability to drive incidents and issues to closure in a timely manner
Utilize educational tools including training and awareness sessions to reinforce strong privacy protection practices within Global Technology
Help drive the evolving privacy program and overall protection of personal information by helping educate key stakeholders on privacy compliance risks and privacy risk management; deliver training, streamline advice, update knowledge repository
Participate in continued privacy, technology and Information security education to build your knowledge and use to enhance the program

The Skills & Expertise You Bring  

Bachelor’s Degree or equivalent work experience
Proven experience of demonstrated success in leading, implementing, and executing IT operational risk processes and initiatives 
Core Risk/Governance Technical Skills: Should have technical acumen related to IT processes, practices and capabilities with subject matter knowledge of components and risks within Cloud, Information & Cyber Security, Agile development methodology, Computer and Network Infrastructure and Privacy 
Ability to develop, refine, and lead IT key risk indicators, and advance usage of risk data to identify and analyze trends, provide timely informative analytics and document risk appetite for key risks 
Knowledge of relevant global IT risk management frameworks (e.g., NIST, ITIL, ISO, COBIT, SANS) for development, maintenance, and enterprise alignment of the risk framework and taxonomy with enterprise processes, risk frameworks and reporting constructs 
Comprehension of relevant client, legal, and regulatory requirements and ability to perform compliance-based gap analysis using regulatory based frameworks, such as System & Organization Control (SOC 1 & 2) Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), European Union General Data Protection Regulation (GRPR), and California Consumer Privacy Act (CCPA) 
Ability to apply risk leadership skills in execution of IT operational risk and control assessments and third-party risk assessments, to determine risk opinion that product technologies and capabilities are fit for the risk appetite of the organization 
Knowledge of IT Governance, Risk, and Compliance (GRC) software (e.g., RSA Archer, IBM Open Pages, SAP GRC, ServiceNow GRC) for effective organization and utilization of IT risk data 
Ability to rapidly find, assimilate and correlate information correctly
Strong analytical, critical thinking skills and solution oriented
Ability to work independently and as part of a team with the ability to think outside the box
Demonstrated ability to influence with comfort and ability working between organizational structures to effect significant change, self-starter comfortable working independently and within a team environment 
Exceptional verbal and written communication skills, including the ability to connect, build relationships and influence business leaders, across all levels 
Lead and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization. 
Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's business 
Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges 
Excellent problem solving, communication and collaboration skills.