
Director, Privacy by Design
- Barcelona
- Permanent
- Full-time
- Minimum of 10 years of progressive privacy experience
- Minimum of 5 years of experience in a global company
- Comprehensive knowledge of UK, EU, Swiss, US, and APAC data protection regulations and their application, including technical and organizational measures and procedures
- Broad knowledge of EU AI Act and AI/ML
- Expert understanding of processes and information flows of business and corporate functions that manage customer and employee data as well as other confidential information
- Strong problem-solving skills and comfortable making logical decisions when faced with ambiguous requirements
- Ability to communicate effectively with stakeholders
- Strong written and verbal communication skills
- Undergraduate college degree, or the equivalent, in business, law, finance, technology, or other relevant subject area
- Master’s degree, or the equivalent, in data protection, business, law, or technology
- Certified Information Privacy Professional – Europe Accreditation (CIPP/E)
- Provide compliance technical advice and consulting as a subject matter expert in data protection standards and strategically developing, enforcing and leading the global privacy compliance program;
- Continue to improve and build upon a strong global privacy compliance program that keeps pace with applicable global regulations in the UK, EU, US, Switzerland, EMEA, APAC, and other relevant jurisdictions;
- Ensure effective execution of privacy requirements, maintenance and adherence to related policies and procedures, commensurate with the level of privacy risk;
- Work collaboratively with the Chief Privacy Officer, Chief Information Security Officer, Sr. Director, Privacy, and other internal stakeholders across governance forums, strategic projects and engagements to drive the execution of the global privacy compliance program;
- Assist the business and corporate functions with the design and execution of internal controls to address privacy business requirements and mitigate privacy risks;
- Leverage expertise to embed enhancements to enterprise Privacy by Design, Security by Design and AI by Design frameworks into applicable business processes;
- Independently manage privacy risk assessments (e.g., TIAs, DPIAs, PIAs);
- Create a records-of-processing-activities register within the organization;
- Manage Data Subject Access Requests for GDPR, CCPA, and other relevant regulations;
- Support incident response for privacy breaches in coordination with internal partners who oversee mitigation strategies and regulatory communications for the UK, EU, US, Switzerland, EMEA, APAC and other relevant jurisdictions;
- Assist with preparing for or leading privacy related regulatory examinations, ISO audits, and internal audits;
- Manage record retention to comply with regulatory and business requirements;
- Ensure that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness;
- Give advice and recommendations to the organization about the interpretation or application of the data protection rules;
- Handle queries or complaints on request by the organization, the controller, or other person(s);
- Cooperate with and act as the contact point for the data protection authorities (responding to requests about investigations, complaint handling, and inspections, etc.);
- Proactively manage privacy risks through managing governance forums, performing risk assessments, directing monitoring and testing efforts, and implementing related training programs;
- Ensure privacy practices align with regulatory and compliance standards by identifying potential areas of vulnerability and developing and executing risk mitigation action plans; and
- Champion privacy awareness across Clarivate by leading Privacy Awareness campaigns, training and educational programs to help ensure privacy considerations are embedded in business processes.