Essential Duties And Responsibilities (Include But Not Limited To)

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.

• Builds, maintains and/or executes a strategic and comprehensive data protection program that defines, develops, maintains, and implements policies and processes that enable consistent, effective information privacy and security practices which minimize risk and ensure the confidentiality, integrity and availability of sensitive and/or protected information assets, paper and/or electronic, across all media types. Ensures data protection forms, policies, processes, standards, and procedures are up-to-date.
• Collaborate with other members of the information security and privacy team to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison to the organization's technical and business stakeholders.
• Works with organization senior management, risk, and legal counterparts to establish governance for the data protection program.
• Serves in a leadership role for privacy and security compliance in their area of accountability and across the organization.
• Develops and delivers initial and ongoing privacy and security training to the workforce.
• Initiates, facilitates, and promotes activities to foster information privacy and security awareness within the organization.
• Performs or oversees initial and periodic privacy and security risk impact assessment/analysis, mitigation, and remediation.
• Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
• Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
• Participates in the development, implementation, and ongoing compliance monitoring of all data controllers, processors, business associates, and associated legal agreements to ensure all privacy and security concerns, requirements, and responsibilities are addressed.
• Works cooperatively with applicable organization units in overseeing data subject rights and facilitation of data subject and/or legal requests, when appropriate.
• Establishes, maintains, and administers a process for investigating and acting on privacy and security complaints.
• Establishes, maintains, and administers an ongoing process to track, investigate, and report inappropriate access and disclosure of sensitive and/or protected information. Monitor patterns of inappropriate collection, access, and disclosure of sensitive and/or protected information.
• Performs required breach risk assessment, documentation, and mitigation. Works with key sta