DuPont Chief Privacy Officer/Global Privacy Leader in Wilmington, Delaware
Chief Privacy Officer/Global Privacy Leader (Job Number: 193688W-01)
Privacy laws are changing rapidly, and the impact on companies that do not comply is growing quickly. Data Privacy legislation has been enacted in 106 countries across every region. These laws apply to personal information collected from employees, customers, contractors, partners and third-party providers. Compliance in the US is complex for multi-national companies because Privacy laws in other countries and regions affect US headquarters and may conflict with US practices. The consequences of failing to comply can include fines in the millions of dollars, sanctions, criminal prosecution, reputational harm and loss of the right to operate. New fines under the Global Data Protection Regulation are up to 4% of the global annual revenue of the parent company. Conversely, privacy done right can provide a competitive advantage.
Sets Strategy for Privacy Compliance and gains Legal alignment which includes how to comply with country personal data transfer restrictions
Creates and presents annual reviews on Privacy for oversight risk committees and provides regular reviews for Information compliance committees and Privacy Sponsors
Performs an annual Risk Assessment for Privacy based upon the current state of affairs and consideration of recent acquisitions and divestitures
Ensures business processes comply with both applicable privacy laws & global policy
Sets Privacy Standards, procedures and processes to support the GIPP
Ensures privacy standards are met by vendors processing personal information
Maintains up to date privacy templates for all privacy notices and data transfer agreement contracts
Develops Global Compliance Plans
Performs global and US Privacy Impact Assessments
Collaborates with Internal Audit on Privacy Audit strategy & approach
Oversees and provides functional guidance for both the global and North America compliance programs. Develops and leads the program based upon the 7+ Steps for an Effective Compliance program including:
Establishes Policies, Standards and Procedures
High Level Responsibility: Provides oversight and staffing to ensure an effective compliance program
Ensures appropriate Delegation of Authority for privacy roles
Education & Awareness: Practical communication of standards, procedures, and other aspects of compliance program
Auditing, Monitoring, Evaluating, & Reporting: Ensure compliance through auditing and monitoring. Evaluate effectiveness of the program.
Enforcement: Appropriate incentives and disciplinary measures
Response to Issues: Appropriate response to prevent further, similar issues
Risk Assessment - Internal Audit: Assess design of compliance program and extent of implementation
Risk Assessment – Privacy: Assess the risk of inappropriate conduct. Modify compliance program to reduce the risk.
Advocacy for Privacy that is strong and visible
Networks and Benchmarks with other companies and engages in forums with other corporate privacy officers in order to attain industry best practices and keep pace with compliance approaches in industry
Develops Privacy expertise via industry best practice channels and forums
Builds knowledge of existing Data Protection and Privacy laws that apply to the corporation globally and stays up to date with regulatory changes. This includes: the US Breach Notification and State Security and SSN laws, HIPAA, The EU Data Protection Directive of 95/98 and forthcoming GDPR, and country specific privacy laws applicable based upon the geographic presence of the operations.
Takes reasonable steps to ensure corporate and regional business processes comply with privacy and personal data protection laws
Leads and collaborates across the regions on creation of Global Privacy Standards & processes to support the GIPP
Builds Privacy By Design into global projects and Corporate or US-centered initiatives when personal data is affected
Ensures Privacy By Design for regional projects via Governance outside the US
Develops and provides training and functional guidance to regional leaders and NA cross functional team to implement privacy within function & business
Leads processes and partners with legal privacy counsels to assess the impact of new or changed data protection privacy laws (the Regulatory Assessment process), and establishes plans to close gaps at either the global or country level
Consults with functional Privacy leaders on procedures & processes to implement privacy standards within function
Assesses global and NA privacy risk assessments
Consults with businesses and functions as privacy subject matter expert and helps the functions develop procedures to support and meet the established standards (e.g. employee notices, consumer website notice, collection of customer consents, supplier data transfer agreements, etc.).
Develops and implements auditing and monitoring processes
Develops and leads processes to respond to privacy related complaints both internally and externally, and to respond to incidents involving personal information, including compliance with breach notification laws
Acts as Subject Matter Expert (along with Legal) for Corporate Awareness Materials as they relate to privacy matters. Defines, evaluates and recommends the company’s expectations of employees (privacy specific content in Code of Conduct) and the education and awareness materials, such as Legal Eagle, for general employee awareness of privacy law and policy.
Bachelor of Science degree with minimum 15 years work experience
Five or more years of experience in Privacy Compliance, implementing management programs to meet legal or regulatory requirements, and a minimum of 2 years as chief privacy officer
Demonstrated leadership in global teams
Demonstrated influence management skills
Demonstrated ability to respond and shift privacy strategies as needed due to unexpected changes in legal environment
Ability to create and present privacy program reviews and issues to senior leadership in order to keep senior leadership aware of state of affairs
Ability to take country based laws, extract the most common and trending requirements and create global standards while ensuring local obligations are met at a local level
Ability to work in a team environment and effectively network to complete tasks
Strong organizational and interpersonal skills
Excellent written and oral communication skills and ability to communicate at various management levels
Ability to prioritize work using both a risk based approach and taking into account business critical considerations
Basic to Medium understanding of Information Technology
Knowledge of international privacy principles such as the OECD Guidelines, FIPS, EU Directive/GDPR, APEC Privacy framework
Primary Location: NA-United States-Delaware-Wilmington
Education Level: Bachelor's Degree (±16 years)
Employee Status: Regular
Job Type: Experienced
DuPont is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability or any other protected class. If you need a reasonable accommodation to search or apply for a position, please visit our Accessibility Page for Contact Information. For US Applicants: See the “Equal Employment Opportunity is the Law” poster.