Head of Global Privacy
The Head of Global Privacy role is responsible for the global data protection and privacy compliance program to promote the protection and confidentiality of restricted, proprietary, or personal information for both the organization and our clients and ensure that CSG complies with all data protection and privacy laws that apply to CSG’s internal and customer-facing operations.
General responsibility for the company’s privacy program, including developing, implementing and maintaining policies and procedures to ensure compliance with applicable privacy law and the company’s contractual commitments. This includes monitoring and advising the company on all issues related to the protection of personal data under applicable data protection laws, including, by way of example, the General Data Protection Regulation (“GDPR”).
- Provides leadership and guidance to company business units on all aspects of privacy and data protection This will include liaising with each business unit across CSG (HR, Sales, Product/Software Development, Operations, IT, Procurement, Security, Legal, and Compliance, etc.) in relation to the development of policies, procedures and practices.
- Foster a data protection culture within the organization and help to implement essential elements of privacy by design and by default; Develop, implement, maintain and monitor privacy policies and controls; Conduct audits to ensure data privacy compliance and address potential issues proactively.
- Educate and advise the company and employees on domestic and international privacy compliance requirements (including GDPR).
- Provide comprehensive data protection training and awareness communications to employees involved in data processing; Create training and awareness plans coordinated with other CSG units; Monitor and track training campaigns to completion.
- Provide advice on Data Protection Impact Assessments (DPIAs) and monitor their performance.
- Serve as the point of contact between CSG and Privacy regulatory agencies/supervisory agencies.
- Maintain comprehensive records of all data processing activities, including data flow diagrams and privacy impact assessments.
- Participate and advise in the review of Security Incidents and investigations or privacy complaints and undertake reporting/remedial actions, as necessary.
- Provide adequate response to and tracking of customer-requested Data Privacy assessments and questionnaires.
- Assist in drafting or reviewing privacy/data security related contract provisions with outside parties; assist in conducting due diligence of third party vendors and ensure any transfers of personal information comply with all applicable laws.
- Update leadership on the health and activities of the data privacy practice; Provide senior Managers and/or the CSG Board or other senior body with regular reports on data privacy compliance.
- Keeps abreast of all applicable regulations, laws, and policies as they presently exist and as they change or are modified.
- Ensures that the staff are trained and evaluated on their knowledge of and adherence to compliance policies and procedures specific to their jobs.
- Understands and adheres to CSG Security and Compliance standards as they appear in Information Security, Acceptable Use, Code of Conduct, and other corporate policies.
Education and Experience
- Bachelor’s degree in Business Administration or equivalent combination of education and experience.
- A minimum of 10 years’ data protection or related compliance experience, combined with recognized data protection qualifications such as CIPP/E, CIPP/M, or FIP
- Experience advising technology companies on data governance matters and applying data protection in business-to-business environments; BSS or telecommunications prior experience helpful.
- Experience with standards, guidance, control frameworks, and regulatory requirements crossing broad business operational areas encompassing: risk and governance, information technology, data security and privacy.
Knowledge, Skills and Abilities
- Personal integrity and high professional ethics.
- Knowledge and experience with global and US privacy laws, including an in-depth understanding of the GDPR.
- Comprehensive knowledge of data privacy requirements relative to credit card users, consumers, employees in a multi-national environment.
- Practical knowledge of privacy and security requirements, including ISO27001, FTC Act, CAN-SPAM, HIPAA, PCI, etc.
- Familiarity with privacy and securityrisk assessment and best practices, privacy certifications/seals, and information security standards certifications;
- Technically-minded with the ability to analyze data protection and processing issues within the context of IT systems, web based technologies, and functions.
- Ability to communicate effectively with data subjects, data protection authorities and other controllers and processors across national boundaries and cultures.
- Adequate self-awareness and confidence to acknowledge knowledge gaps and seek to fill them from reliable sources.
- Ability to communicate effectively with the highest levels of management and decision-making within the organization.
- Ability to use a personal computer. Proficiency with other Microsoft Office applications.
- Ability to read, write, speak and understand the English language in a business environment.