From the beginning our goal was to establish an advisory firm that stands apart from the rest one that is grounded in our Core Values and dedicated to creating a positive experience not just for our clients but for our people too. We firmly believe in the strength of collaboration enthusiasm generosity and perseverance as the driving forces behind our success. With advisory solutions spanning accounting and risk technology-enabled transformation and transactions we partner with our clients to solve todays challenges and deliver present and future value.
Our commitment to our people has earned us numerous awards including Inc5000s Fastest Growing Companies and Glassdoors Best Places to Work. Explore what our employees have to say about our unique culture by clicking here.
CrossCountry is looking to hire a Privacy & Third-Party Risk Program Senior Manager to create and mature the Firms privacy program to maintain current and future regulatory requirements ensuring our privacy compliance posture.
The Privacy & Third-Party Risk Program Senior Manager will work closely with stakeholders (e.g. DPO CISO VP of CTS Cybersecurity and Technology Lead Senior Legal Counsel and Executive Leadership Team) and must have the skill set necessary to manage the privacy program through every stage of its lifecycle as well as proactively identify ways to mature over time. This individual will also be responsible for identifying privacy requirements for the Firm managing risks arising from the collection and use of personal data maintaining policies and procedures and facilitating a privacy-focused culture within CrossCountry.
Responsibilities:
Data Privacy:
Must have prior experience building a data privacy program.
Create and manage CrossCountrys privacy management program.
Partner with the Firms Cybersecurity and Technology team to define a data management framework policies and procedures that supports CrossCountrys privacy vision.
Monitor and track existing updated and new requirements of both global and domestic privacy and data protection regulations (e.g. GDPR CPRA) and their applicability to CrossCountry.
Create update and maintain CrossCountrys internal privacy policies and external privacy notices/statements.
Lead and coordinate Privacy Risk Assessments Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) as required.
Collaborate with the Firms Data Protection Officer (DPO) Senior Legal Counsel Cybersecurity and other relevant stakeholders to communicate and escalate privacy questions and issues as needed (e.g. breach notifications).
Own manage and improve privacy and data protection processes and record keeping such as Records of Processing Activities (ROPA).
Develop workflows and procedures for key privacy processes (e.g. retention and destruction minimization).
Respond to and manage time-sensitive Data Subject Requests (DSRs) and other privacy inquiries.
Plan and execute privacy audits to evaluate the effectiveness and maturity of the privacy program and facilitate remediation actions.
Develop a data privacy reporting dashboard with recommended key metrics (e.g. KPIs).
Serve as liaison and primary point of contact within CrossCountry and externally on privacy and data protection matters.
Deliver privacy and data protection training and awareness for the entire Firm.
Third-Party Risk:
Establish and maintain CrossCountrys third-party risk management program framework that aligns with relevant laws regulations and standards.
Partner with key departments such as legal corporate technology solutions and information security.
Identify and categorize third-party risks based on business activities and data handling.
Conduct thorough due diligence on vendors including risk-based assessments.
Map risks to business activities and classify vendors accordingly.
Develop and enforce policies for acquiring and engaging third-party services.
Ensure privacy and security are integrated into the vendor approval process.
Perform continuous monitoring of third-party relationships and risk exposures.
Conduct regular assessments and audits to ensure compliance and performance.
Assist in privacy contractual review and ongoing monitoring for clients and/or third-party agreements.
Other:
Respond to and manage time-sensitive requests from the practice (e.g. Data Privacy Reviews Questionnaires MSAs DPAs etc).
Qualifications:
8 years of experience managing or consulting on privacy data protection or third-party risk management programs or serving on a privacy operational role
At least one privacy certification such as CIPP/US CIPP/EU CIPM CIPT or CDPSE required
Extensive and working knowledge of global privacy and regulatory frameworks including GDPR and CPRA
Proficiency of the components of a comprehensive privacy program including governance privacy principles awareness and training third party risk management consent management etc.
Experience with privacy risk assessment audits and privacy-related tools and applications
Ability to lead and work as part of a team
Polished verbal and written communication skills
Excellent organization time and project management skills
Professionalism and discretion in interacting with executives and clients
Strong attention to detail
A great sense of humor and passionate about privacy
Education:
A bachelors degree (or higher)
#LI-Hybrid #LI-BW1
Benefits Summary
The CrossCountry total rewards package includes comprehensive healthcare options including medical dental and vision coverage; flexible spending accounts; and a 401(k) with company matching. Additionally employees can take advantage of generous parental and maternity leave policies technology stipends and wellness reimbursement programs all designed to support both professional growth and personal well-being. For detailed information about benefits at CrossCountry please visit our dedicated benefits site: Employment Opportunity (EEO)
CrossCountry provides equal employment opportunities (EEO) to all employeesand applicants for employment and believes that respect and fair treatment are critical to creating a productive and inclusive workplace.
As an equal opportunity employer CrossCountry is fully committed to comply with all federal state and local laws and prohibits discrimination and harassment of any type without regard to race color religion age sex national origin disability pregnancy genetics sexual orientation veteran status gender identity or expression or any other protected characteristic. The company also complies with pay transparency and labor laws applicable to all terms and conditions of employment.
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.