Lead Information Security Privacy Specialist
5 - 7 years experience • Business Services
The Technology Group (IT) at HMH is a dynamic team of technology professionals dedicated to the nimble delivery of quality educational content for a digital age. Not your traditional IT house, the Technology Group actively partners across HMH to develop applications and platforms across a diverse range of digital channels and devotes itself to identifying and implementing digital solutions that meet the challenges facing students, teachers, parents and lifelong learners today, both inside and outside the classroom.
We have a position on the Technology Security team at one of the world's largest providers of pre-K-12 education solutions. HMH specializes in dynamic learning content for students, teachers, parents and lifelong learners, so this role will allow you to use your security risk experience and expertise to make a difference in the lives of students around the world and in your own back yard.
Our security team works to provide continuous improvements through prevention, detection, processes, and policies for customer and company information to maintain privacy and security. The Data Privacy and Security Specialist will report to HMH’s Chief Information Security Office and will work closely with the other leads from Security, IT, legal and other business units to implement practices that meet defined policies and standards for information security. The ideal candidate will have a strong background and technical knowledge of information security and the capability to understand complex business and technical processes.
- Identify what Sensitive Student Data (SSD) is based on the myriad of standards, regulations and laws and what safeguards are required.
- Identify where in our platforms we store/use SSD.
- Determining the gaps in our safeguards (i.e. Secure Deletion, De-Identification) vis-à-vis the standards, regulations and laws.
- Work with Product Owners to evaluate risk and define the non-functional requirements to close the gaps and having them include them in product roadmaps.
- Develop and contribute to the implementation of data standards, policy, and procedures related to: de-identification, data use, authorization, privacy monitoring, data security risk assessment, and other areas relevant to data privacy and security.
- Work with HMH legal to develop required consent, user, and data use agreements governing data access.
- Develop guidance for authentication and authorization procedures for appropriate data access.
- Ensure compliance with all relevant federal and state regulations and requirements (FERPA, HIPAA, GDPR, State & District, etc.)
- Perform quality assurance monitoring to provide review and assurance that specific policies, regulations and requirements are being met and maintained.
- Assist with risk and vulnerability management and incident response coordination activities as requested.
- Monitor developments in technology, regulations, and guidance related to privacy and security and make recommendations based on this information, advising HMH on data privacy and security implications.
Required Education and Experience:1. Bachelor’s degree or equivalent combination of education and experience
2. 4+ years experience in computer science, management information systems, data privacy, security or other relevant field
Additional Technical Requirements:
- Knowledge of information security standards preferred
- Knowledge of technical aspects of data security preferred
- Advanced knowledge of federal and agency requirements, and ability to interpret laws, guidelines and regulations that govern data privacy and security required
- Experience in interpreting and developing policies, procedures and strategies to meet data privacy and security required
- Good analytical and problem-solving skills for resolving data privacy and security issues required
- Might be in a stationary position for a considerable time (sitting and/or standing)
- The person in this position needs to move about inside office to access file cabinets, office machinery, etc
- Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer
- Must be able to collaborate with colleagues via face to face, conference calls, and online meetings
Job Requisition ID: 9101