AVP, US PRIVACY OFFICER AND PRIVACY COUNSEL

We are currently looking for an AVP, Privacy Officer & Privacy Counsel to lead and guide the development and execution of the US Privacy Office. This includes non-IT data security practices in alignment with the business and in compliance with US laws, regulations and standards. The AVP will champion an organizational culture where privacy and information security are a priority, and will work collaboratively across functions to guide, influence and communicate appropriate levels of governance.

 

The AVP will plan, direct, and execute activities for the Privacy Office domestically with accountability for multiple complex and high priority projects, including:

 

US Privacy Office

 

Serve as designated privacy subject matter expert for Assurant domestically. Operate as the main contact internally and externally on privacy and security issues. Collaborate with other privacy officers to create, implement, and champion a holistic approach to privacy and security across and throughout Assurant through direction and guidance to other business units within the company on key privacy and information security issues that affect the organization.

 

Develop strategic plans to ensure that long-term goals, vision, objectives, and overall direction of the Privacy Office support corporate long-term goals and objectives, and determine resource requirements (i.e., staffing, funding, equipment) based on business objectives or operational needs in conjunction with the Deputy Chief Compliance Officer.

 

Operate as primary legal counsel on all privacy and information security issues, including contract negotiations, regulatory matters and mergers and acquisitions activities.

 

Guide, interface and influence interactions and communications with senior level leaders on governance of the strategies of the Privacy Office.

 

Work cross-functionally with legal and IT security to provide direction and guidance on enterprise-wide projects. The scope of this position is expansive as it interfaces globally across the organization and varying levels of leadership.

 

Stay abreast of, and be accountable for, compliance with ever-changing privacy laws, regulations and industry standards. Guide and develop governance and processes to ensure compliance and mitigate risk.

 

Policies and Procedures

 

Develop and oversee the creation, implementation, and maintenance of privacy and information security policies and procedures at the business unit, consistent with the corporation’s compliance standards and aligned with the corporate strategy.

 

Drive the privacy and information security policies, standards and guidelines to build sound practices into the corporate culture.

 

Develop and monitor a privacy program to document, track, investigate and respond to all inquiries and complaints regarding the business unit’s privacy policies and practices.

 

Compliance

 

Maintain a privacy program to validate compliance with privacy and security laws, practices and procedures by:

 

Being informed and knowledgeable about all applicable state and federal laws and regulations and overseeing the implementation of measures required for compliance.

 

Continuously reviewing business unit practices, including encouraging the development and implementation of privacy best practices.

 

Remaining up to date on the latest trends and best practices in the industry.

 

Enforcing privacy and security policies and procedures, including working with human resources to impose sanctions for failure to comply.

 

Overseeing the timely and cost-efficient distribution of privacy notices, as required by state and federal laws and regulations.

 

Training and Awareness

 

Participate in the development and delivery of Assurant corporate and business unit privacy and security training and awareness programs for all workforce members, contractors, business associates and other third parties when requested.

 

Develop and implement business unit specific training and awareness programs.

 

Provide ongoing communications and participate in relevant events to increase employees’ awareness regarding privacy issues.

 

Assessments

 

Routinely conduct assessments and/or collaborate with others to assess key risk areas, internally and externally. Assessments should validate that the policies, procedures and training have been effectively implemented and have resulted in operational compliance, through:

 

Development of appropriate criteria to determine level of privacy and security compliance.

 

Development and maintenance of appropriate procedures, forms and sampling methodologies to appropriately evaluate the area’s standing on the criteria and determine compliance findings.

 

Review of remediation efforts regarding privacy and security deficiencies, in coordination with appropriate departments and management.

 

Incident Response

 

Oversee development and maintenance of the business unit’s incident response program, and function as an incident coordinator in situations in which the program must be implemented.

 

Lead the cross-functional project team responsible for executing the incident response plan.

 

Management

 

Staffing – Determine appropriate staffing levels based on workload. Hire and/or train staff as appropriate for their role.

 

Department Leadership – Develop goals and plans for the department, including work prioritization and performance goals; routine meetings to discuss work activities and goals, establishing career progression standards, and developing training programs.

 

Development and Performance Management – Provide employee development and feedback through annual performance reviews, audits of work, investigating all complaints concerning area of responsibility and staff, and taking corrective or disciplinary action if necessary.

 

What you’ll need:

 

8+ years of experience in insurance, compliance, privacy, or legal

 

Prior experience developing & implementing a privacy program

 

Knowledge & application of laws & regulations affecting privacy & security such as GLB, HIPAA, COPPA, CAN-SPAM, PIPEDA, GDPR and other privacy principles

 

Demonstrated leadership skills

 

Demonstrated ability to influence C-suite leaders without direct authority

 

College level degree

 

JD and active standing in a bar association

 

We are working remotely due to Covid-19. This role will be based in either our Atlanta or Miami office once we are back onsite, with the flexibility to work at home as needed.
