Data Protection and Privacy Senior Associate

About The Position

Requirements

• Strong verbal and written communication skills
• Solid understanding of relevant firm business and area wide data protection issues and concerns
• Strong problem-solving skills
• Flexibility and the ability to take the initiative
• Ability to right-size risk
• Strong research skills
• Strong project management skills; ability to successfully handle multiple tasks
• Good working knowledge of information systems and common software packages
• Bachelor’s degree or equivalent work experience
• 1-4 plus years related experience

Nice To Haves

• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions
• Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk management initiatives outside of their specific area
• Sound understanding of high-level technology trends and issues surrounding data protection
• Privacy certification from ISACA or the International Association of Privacy Professionals (e.g., CIPP, CIPM, CDPSE, AIGP)
• Graduate degree or Juris Doctorate preferred

Responsibilities

• Conducting data protection due diligence reviews of business processes and data processing activities in order to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements
• Developing procedures operationalizing data protection compliance measures, and monitoring and assessing adherence to implemented controls
• Collaborating with various functions within the organization, such as Talent, Finance, Service Line Quality, and business teams to maintain visibility over evolving and new processing activities and bake in Data Protection compliance measures as appropriate
• Creating reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization
• Documenting, conducting, and assisting others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information)
• Collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans
• Developing and maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA))
• Continuously maintains and expands knowledge of field of expertise and communicates new developments and resulting impact to program stakeholders and team members
• Participates in various ad-hoc Data Protection and Privacy projects, as needs develop

Benefits

• Competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business
• Medical and dental coverage
• Pension plans
• 401(k) plans
• Minimum of 18 days of paid time off with additional time based on your level and years of service
• 12 observed holidays
• Range of programs and benefits designed to support your physical, financial and social well-being
• Comprehensive compensation and benefits package
• Wide range of paid time off options
• Flexible vacation policy
• Time off for designated EY Paid Holidays
• Winter/Summer breaks
• Personal/Family Care
• Other leaves of absence when needed to support your physical, financial, and emotional well-being