Data Protection and Privacy Supervising Associate - Technology Reviews

About The Position

Requirements

• Strong verbal and written communication skills
• Solid understanding of relevant firm business and area wide data protection issues and concerns
• Strong problem-solving skills
• Flexibility and the ability to take the initiative
• Ability to right-size risk
• Strong research skills
• Strong project management skills; ability to successfully handle multiple tasks
• Good working knowledge of information systems and common software packages
• Bachelor’s degree or equivalent work experience; Graduate degree or Juris Doctorate preferred
• 5+ years of related experience

Nice To Haves

• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions
• Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk management initiatives outside of their specific area
• Sound understanding of high-level technology trends and issues surrounding data protection
• Privacy certification from ISACA or the International Association of Privacy Professionals (e.g., CIPP, CIPM, CDPSE, AIGP)

Responsibilities

• Conducting data protection due diligence reviews of systems and technologies including Artificial Intelligence (AI) solutions in order to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements.
• Conducting business process assessments and developing and maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand the types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)).
• Managing vendor due diligence reviews to assess data protection and privacy risks and ensure appropriate contractual, security, and data handling controls are in place.
• Collaborating with various functions across the organization, such as EY’s Information Security, Technology Risk Management, Service Line Quality, Talent, and members of the business to maintain visibility over technology deployment pipelines and to design and implement Data Protection by Design controls in order to protect confidential/personal information.
• Leading and supporting cross-functional data protection projects to strengthen operational processes and enable scalable compliance across the Americas.
• Creating reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization.
• Documenting, conducting, and assisting others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information).
• Collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans.
• Continuously maintains and expands knowledge of field of expertise and communicates new developments and resulting impact to program stakeholders and team members.

Benefits

• medical and dental coverage
• pension and 401(k) plans
• a wide range of paid time off options
• flexible vacation policy
• designated EY Paid Holidays
• Winter/Summer breaks
• Personal/Family Care
• other leaves of absence