VP, Privacy and Risk
As a senior member of the Chief Legal Officer Staff, the VP, Privacy and Risk Officer is responsible for the Company’s Privacy, Enterprise Risk Management, Information Security and Compliance programs, including strategy, policy, and governance. This includes managing a team of information security and compliance professionals responsible for providing advice and guidance to the company on a global basis.
- Monitoring current data protection legislation (US State and Federal, European and other jurisdictions where Ensono does business), pending legislation, lobbying efforts, industry trends and other early indicators of what the privacy landscape may look like in the near and long-term future.
- Evangelizing Data Privacy, Compliance, Risk Management and Information Security within Ensono and to clients, utilizing a high degree of personal influence. Partnering with leaders across the Company to ensure compliance in all operating territories.
- Participating and leading pre-sales activities with respect to privacy, security and compliance.
- Partnering with senior leaders and the Culture and People Experience organization to provide training and create reinforcing cultures around all four areas.
- Serving as Ensono’s senior most global privacy, data protection and compliance officer with regulators, policy makers, media, and clients in Privacy & Data Protection matters.
- Establishing procedures for crisis management and leading all aspects security breach events including necessary communications with clients, regulatory authorities and other appropriate parties.
- Reporting ongoing breach/ incident trends to senior management and the Board of Directors or Audit Committee as appropriate.
- Evaluating proposed vendors for privacy risk and conducting annual vendor privacy reviews
- Integrating clear and up to date global information security policies, implementation standards, and Privacy considerations into all key products, services and business processes
- Partnering with the Information Technology and Operations leaders to ensure that policies are effectively executed within their systems and processes
- Establishing privacy frameworks and compliance structures at Enterprise and business unit/ functional level. Ensuring that Ensono’s businesses make informed decisions about managing Privacy risks and that ongoing feedback is provided to the business on their compliance through audits, consultations, and impact assessments.
- Creating, monitoring and updating global risk processes and policies
- Establishing a consistent approach to assessing and reporting risk across all businesses and regions
- Maintaining effective relationships with business line management and staff to support business’ risk management practices including risk evaluation, monitoring, and response.
- Monitoring and communicating risks and mitigation plans to stakeholders including senior business leaders, including the following areas
- Security (Logistical/Physical)
- Reputation & Brand
- Employee risk
- Providing inputs and tools, and collating/reporting and effectively managing risks at the enterprise level; working with Functional leaders who are responsible for risk assessment and response in their areas (e.g., HR for employment risk, Finance for financial risk, General Counsel for legal risk, Facilities/ site leaders for physical risk etc.). Regular reporting to the Board, Audit Committee, or Company’s auditors on the ERM program and material risks facing the Company.
- Overarching goals will include: best-in-class compliance in legal, regulatory, stakeholder and policy requirements, recognized thought leader in the IT services industry; and making Privacy and Information Security a differentiator for Ensono and our clients; well-developed enterprise risk assessment and mitigation policies, plans, and procedures.
- Fifteen or more years’ experience in the Information Technology industry with a Privacy, Compliance, or Legal background
- Demonstrated ability to influence colleagues at all levels throughout the organization
- Ability to succinctly and effectively synthesize information from a wide range of sources
- Deep understanding of privacy laws at international, and US federal and state levels
- Excellent oral and written communication skills
- Proven analytical and problem-solving skills
- Strong management and organizational skills, including ability to prioritize several projects at a time and drive for success