DuPont Chief Privacy Officer/Global Privacy Leader in Wilmington, Delaware

Chief Privacy Officer/Global Privacy Leader (Job Number: 193688W-01)

Description

Privacy laws are changing rapidly, and the impact to companies that do not comply is growing quickly. Data Privacy legislation has been enacted in 106 countries across every region. These laws apply to personal information collected from employees, customers, contractors, partners and third-party providers. Compliance in the US is complex for multi-national companies because Privacy laws in other countries and regions affect US headquarters and may conflict with US practices. Failure to comply can include fines in the millions of dollars, sanctions, and criminal prosecution, reputational harm and loss of the right to operate. New fines under the Global Data Protection Regulation are up to 4% global annual revenue of the parent company. Conversely, privacy done right can provide a competitive advantage.

The incumbent must have considerable experience and expertise in Privacy law and policy, privacy program management and industry best practices in privacy. He/she must collaborate with legal privacy counsel to be able to translate the legal requirements into effective management programs by understanding how they affect business processes across the organization including HR, finance, IT, sourcing and businesses’ marketing and sales organizations. He/she will need to gain consensus for changes in the Global Privacy Policy that affect the Corporation and implement a program strategy that builds or maintains compliance across businesses/functions and throughout the regions.

Responsible for Privacy Policy, Strategy and Risk Assessments including:

  • Sets Strategy for Privacy Compliance and gains Legal alignment which includes how to comply with country personal data transfer restrictions

  • Responsible for Global Information Privacy Policy (GIPP) (with Legal)

  • Creates and presents annual reviews on Privacy for oversight risk committees and provides regular reviews for Information compliance committees and Privacy Sponsors

  • Performs an annual Risk Assessment for Privacy based upon the current state of affairs and consideration of recent acquisitions and divestitures

  • Ensures business processes comply with both applicable privacy laws & global policy

  • Sets Privacy Standards, procedures and processes to support the GIPP

  • Ensure privacy standards are met by vendors processing personal information

  • Maintains up to date privacy templates for all privacy notices and data transfer agreement contracts

  • Develops Global Compliance Plans

  • Performs global and US Privacy Impact Assessments

  • Collaborates with Internal Audit on Privacy Audit strategy & approach

Oversees and provides functional guidance for both the global and North America compliance programs. Develops and leads the program based upon the 7+ Steps for an Effective Compliance program including:

  • Establishes Policies, Standards and Procedures

  • High Level Responsibility : Provides oversight and staffing to ensure an effective compliance program

  • Ensures appropriate Delegation of Authority for privacy roles

  • Education & Awareness : Practical communication of standards, procedures, and other aspects of compliance program

  • Auditing, Monitoring, Evaluating, & Reporting: Ensure compliance through auditing and monitoring. Evaluate effectiveness of the program.

  • Enforcement: Appropriate incentives and disciplinary measures

  • Response to Issues: Appropriate response to prevent further, similar issues

  • Risk Assessment - Internal Audit: Assess design of compliance program and extent of implementation

  • Risk Assessment – Privacy: Assess the risk of inappropriate conduct. Modify compliance program to reduce the risk.

  • Advocacy for Privacy that is strong and visible

  • Networks and Benchmarks with other companies and engages in forums with other corporate privacy officers in order to attain industry best practices and keep pace with compliance approaches in industry

  • Develops Privacy expertise via industry best practice channels and forums

  • Builds knowledge of existing Data Protection and Privacy laws that apply to the corporation globally and stays up to date with regulatory changes. This includes: the US Breach Notification and State Security and SSN laws , HIPAA, The EU Data Protection Directive of 95/98 and forthcoming GDPR, and country specific privacy laws applicable based upon the geographic presence of the operations.

  • Takes reasonable steps to ensure corporate and regional business processes comply with privacy and personal data protection laws

  • Leads and collaborates across the regions on creation of Global Privacy Standards & processes to support the GIPP

  • Builds Privacy By Design into global projects and Corporate or US-centered initiatives when personal data is affected

  • Ensures Privacy By Design for regional projects via Governance outside the US

  • Develops and provides training and functional guidance to regional leaders and NA cross functional team to implement privacy within function & business

  • Lead Processes and partners with legal privacy counsels to assess the impact of new or changed data protection privacy laws; Regulatory Assessment process, and establish plans to close gaps either at the global or country level

  • Consults with functional Privacy leaders on procedures & processes to implement privacy standards within function

  • Assesses global and NA privacy risk assessments

  • Consults with businesses and functions as privacy subject matter expert and helps the functions develop procedures to support and meet the established standards (e.g. employee notices, consumer website notice, collection of customer consents, supplier data transfer agreements, etc.).

  • Develops and implements auditing and monitoring processes

  • Develops and Leads processes to: respond to privacy related complaints both internally and externally, respond to incidents involving personal information including compliance with breach notification laws

  • Acting Subject Matter Expert (along with Legal) for Corporate Awareness Materials as it relates to privacy matters. Defines, evaluates and recommends the company’s expectations of employees (privacy specific content in Code of Conduct), the education and awareness materials such as Legal Eagle for general employee awareness of privacy law and policy.

Qualifications

  1. Bachelor of Science degree with minimum 15 years work experience

  2. Five or more yrs. experience in Privacy Compliance, implementing management programs to meet legal or regulatory requirements and minimum 2 yrs. as chief privacy officer

  3. Demonstrated leadership in global teams

  4. Demonstrated influence management skills

  5. Demonstrated ability to respond and shift privacy strategies as needed due to unexpected changes in legal environment

  6. Ability to create and present privacy program reviews and issues to senior leadership in order to keep senior leadership aware of state of affairs

  7. Ability to take country based laws, extract the most common and trending requirements and create global standards while ensuring local obligations are met at a local level

  8. Ability to work in a team environment and effectively network to complete tasks

  9. Strong organizational and interpersonal skills

  10. Excellent written and oral communication skills and ability to communicate at various management levels

  11. Ability to prioritize work using both a risk based approach and taking into account business critical considerations

  12. Basic to Medium understanding of Information Technology

  13. Knowledge of international privacy principles such as the OECD Guidelines, FIPS, EU Directive/GDPR, APEC Privacy framework

Primary Location: NA-United States-Delaware-Wilmington

Organization: Corporate

Schedule: Full-time

Education Level: Bachelor's Degree (±16 years)

Employee Status: Regular

Job Type: Experienced

DuPont is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability or any other protected class. If you need a reasonable accommodation to search or apply for a position, please visit our Accessibility Page for Contact Information. For US Applicants: See the “Equal Employment Opportunity is the Law” poster.