Data Privacy Manager

Job Description

To work closely with the Global Cybersecurity Governance, Risk, Compliance and Data Privacy Director in supporting the UL enterprise with Privacy related Regulatory requirements globally. On a day-to-day basis be a point of contact for UL Associates in respect of queries on data protection. Provide advice and guidance, directing colleagues and others to the relevant policies and procedures and to exercise good judgement to escalate any breaches and requests to direct leader when required. To log and track any information required to ensure that UL is operating within regulatory guidelines and update the direct leader with trends analysis for process improvement and reporting.

Responsibilities

• Manages the performance of direct reports by developing accountabilities, establishing performance objectives, providing career counseling, feedback, and guidance, and ensuring that all policies are understood and adhered to.
• Develop, maintain, and implement UL Solutions’ privacy program and the resulting privacy policies, procedures, and documentation for the processing of personal data in coordination with appropriate members of the organization (e.g., business process owners, legal, information security, the works council, risk management, and the ethics and compliance officers).
• Monitor continuous adherence to the privacy program’s requirements.
• Establish and manage an enterprise Data Privacy Working Group
• Devise and update policies and procedures for customers, employees and data breach incident responses, ensuring alignment with the actual implementation of personal data processing activities.
• Deliver impact through deploying qualitative and quantitative analysis, concepts, frameworks and story board skills to advise senior leadership on delivering a measurable impact in focus areas
• Advise stakeholders in designing, deploying, and managing technology and process solutions to reduce the potential of data compromise
• Support strategic initiatives to accomplish Data minimization program objectives
• Assist in risk management process and related program delivery items, including reporting, engagement in senior leadership meetings, drafting and reviewing materials for senior management
• Own process for conducting Privacy by Design reviews, create Records of Processing Activities, initiating Data Privacy Impact Assessments, and Privacy Impact Assessments
• Assist in creating blogs/internal communications on privacy-related updates; and coordinate with Global Cybersecurity Governance team to disseminate
• Support implementing operational processes of the corporate business units and operations support teams in accordance with applicable privacy laws and regulations, as well as assisting or leading key strategic priorities.
• Support reporting and analysis to identify themes/trends, new risks, and mitigation strategies
• Lead privacy analysis and assessments of products throughout development cycle to ensure compliance with privacy and data protection laws
• Assist with coordinating and driving cross-stakeholder alignment regarding implementation of privacy requirements and proposed remediations
• Performs other duties as directed.
  
  

Qualifications

Education and Training

• Bachelor's degree or higher in business administration, law, finance, accounting, computer science or a related discipline is required.
• An advanced degree in law (J.D.), business (M.B.A.), information science (MIS), information security or a related field is preferred.
• The candidate has obtained one or more of the following certifications: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), and/or Certified Information Privacy Technologist (CIPT), and one or more of: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) is preferred.
  
  

Previous Experience

• 3 to 5 years of experience in privacy, data protection, security, risk management, auditing and/or compliance
• OR: 3 to 5 years of legal experience in government, law firms or multinational corporations preferred, with at least the past 2 to 5 years focused on privacy.
• Knowledge of U.S. laws and regulations, such as HIPAA, California privacy laws
• Knowledge of the EU General Data Protection Regulation (GDPR).
• Experience with Standard Contractual Clauses, Binding Corporate Rules, APEC Cross-Border Privacy Rules for international data transfers.
  
  

Knowledge And Skills

• Strong analytical and problem resolution skills.
• Sound business judgment, with the ability to think strategically and give practical advice by balancing business needs with legal risks.
• Strong written and verbal communication skills, as well as the ability to work well with a diverse client base.
• Knowledge of the privacy aspects of the product development life cycle, data handling and asset classification, and knowledge of the role of a privacy professional in ensuring that customer data is properly managed.
• Interest in national and international privacy developments, constitutional privacy guarantees, international privacy guidelines and principles, privacy by design, protection by default, data subject's rights, privacy accountability and minimal disclosure.
• Ability to articulate the importance of customer privacy. Comfort with promoting privacy up and down the management chain, including audiences who have varying levels of familiarity with the topic.
• Ability to maintain proper documentation, relevant records and archives in an orderly, transparent fashion.
• Knowledge of software development life cycles (SDLCs) is beneficial.
  
  

Personal Characteristics

• Has accessibility and ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company.
• Is a confident, energetic self-starter, with strong interpersonal skills.
• Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
• Willingness to be available for incident and emergency handling outside standard office hours, where necessary.
• Willingness to travel to determine and influence privacy requirements in jurisdictions the organization is operating in.
  
  

About Us

A global leader in applied safety science, UL Solutions (NYSE: ULS) transforms safety, security and sustainability challenges into opportunities for customers in more than 110 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support our customers’ product innovation and business growth. The UL Mark serves as a recognized symbol of trust in our customers’ products and reflects an unwavering commitment to advancing our safety mission. We help our customers innovate, launch new products and services, navigate global markets and complex supply chains, and grow sustainably and responsibly into the future. Our science is your advantage.