Data Protection and Privacy Supervising Associate - Technology Reviews

About The Position

Requirements

• Strong verbal and written communication skills
• Solid understanding of relevant firm business and area wide data protection issues and concerns
• Strong problem-solving skills
• Flexibility and the ability to take the initiative
• Ability to right-size risk
• Strong research skills
• Strong project management skills; ability to successfully handle multiple tasks
• Good working knowledge of information systems and common software packages
• Bachelor’s degree or equivalent work experience
• 5+ years of related experience

Nice To Haves

• Graduate degree or Juris Doctorate preferred
• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions
• Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk management initiatives outside of their specific area
• Sound understanding of high-level technology trends and issues surrounding data protection
• Privacy certification from ISACA or the International Association of Privacy Professionals (e.g., CIPP, CIPM, CDPSE, AIGP)

Responsibilities

• Drive compliance with legal and regulatory requirements as part of technology development and deployment at EY via interfacing with technology teams and performing data protection due diligence activities around systems/technology (i.e., Data Protection/Privacy Impact Assessments (PIAs)), vendors, and business processes.
• Interpret data protection and privacy laws and policies, determine required actions to standard and non-standard situations, and make recommendations based on firm guidance, professional standards, subject matter expertise, and acquired experience.
• Conduct data protection due diligence reviews of systems and technologies including Artificial Intelligence (AI) solutions to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements.
• Conduct business process assessments and develop and maintain EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand the types of information that require protection and to fulfill data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)).
• Manage vendor due diligence reviews to assess data protection and privacy risks and ensure appropriate contractual, security, and data handling controls are in place.
• Collaborate with various functions across the organization, such as EY’s Information Security, Technology Risk Management, Service Line Quality, Talent, and members of the business to maintain visibility over technology deployment pipelines and to design and implement Data Protection by Design controls in order to protect confidential/personal information.
• Lead and support cross-functional data protection projects to strengthen operational processes and enable scalable compliance across the Americas.
• Create reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization.
• Document, conduct, and assist others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information).
• Collaborate with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans for data incidents.
• Continuously maintain and expand knowledge of field of expertise and communicate new developments and resulting impact to program stakeholders and team members.

Benefits

• Comprehensive compensation and benefits package
• Medical and dental coverage
• Pension and 401(k) plans
• Wide range of paid time off options
• Flexible vacation policy
• Designated EY Paid Holidays
• Winter/Summer breaks
• Personal/Family Care leave
• Other leaves of absence