- Develops and manages processes for Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) in addition to analyzing responses to identify risks involving the collection, access, use, protection, storage and destruction of personal and/or sensitive information. Works with stakeholders to develop and implement risk mitigation plans as needed.
- Owns the privacy area in the vendor management process (in collaboration with the Information Security team), which includes conducting Vendor Due Diligence (VDD) assessments of vendors, analyzing their responses to highlight privacy issues, and proposing steps to reduce risk to Seismic.
- Partners with stakeholders to ensure that privacy-affected activities align with Seismic’s Privacy Protection Policy, as well as relevant privacy regulations across the globe. This includes enforcement of privacy-by-design principles in product development and marketing activities.
- Manages and documents data collection and sharing practices for projects, products, websites, and mobile apps. This includes documenting data inventories, data maps, and data flows.
- Creates, reviews, and maintains the process for Seismic’s privacy policies (Internal and External). Also supports the Vice President, Information Technology and the Director, Information Security in reviewing and maintaining Seismic’s Security Incident Response Plan and other operational documentation.
- Investigates and researches Privacy incidents, including issues involving consumer complaints and employee access and use of Personal Information.
- Collaborates with Seismic’s Information Security on activities involving Personal Information such as potential breach incidents, vendor management, or company-wide risk assessments.
- Produces reports on new and changing federal/state privacy regulations to assess how Seismic is impacted and its compliance with them, and proposes corrective action plans in collaboration with the Legal department.
- Remains current on the privacy landscape by participating in external professional Privacy webinars and forums or networks such as the International Association for Privacy Professionals (IAPP) and others.
- Leads effort in creating annual Privacy training content, as well as planning instructor-led events and webinars. Conducts and promotes Privacy training and awareness to the workforce in coordination with other teams.
What you’ll bring to the team:
- Bachelor’s degree preferred or equivalent experience.
- 3+ years of Privacy experience, with the ability to think critically about the application of Data Protection & Privacy objectives.
- Working knowledge of GDPR, CCPA, COPPA, and other Privacy regulations. This includes the ability to identify and assess how these complex rules impact Seismic.
- Experience managing and conducting PIAs/DPIAs.
- Independent, self-motivated, and self-organized with the ability to operate autonomously.
- Extremely organized and possessing keen attention to detail to spot issues, track them for continued awareness, and escalate appropriately.