
Head of Data Privacy and Compliance

Location: United States

Who We Are

SPINS is the leading provider of retail consumer insights, analytics, and consulting for the Natural, Organic and Specialty Products Industry. We transform raw data into intelligent and actionable business solutions that enable consumers to pursue wellness. At SPINS, we believe data is important, but our people are the real differentiator. That’s why we maintain a culture that is focused on collaboration, flexibility, and open communication.

At SPINS, we are passionate advocates of natural products that promote healthy living. As the leading provider of retail consumer insights, analytics, reporting, and consulting services for the Natural, Organic and Specialty Products Industry, our business offerings are helping to drive retailers in this high growth area to connect people with the brands that they love.

Our team is made up of subject matter experts who acquire, consolidate, and transform raw data into detailed analytics and insights. We deliver timely and actionable information that impacts business decisions and drives revenue for thousands of manufacturers and retailers every day.

SPINS is proudly invested in aligning Retailers, Brands and Consumers. Naturally.

Summary of Position

SPINS is searching for a Head of Data Privacy and Compliance who will be the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization’s information security policies. A key element of this role is to determine acceptable levels of risk for the organization. This Head of Data Privacy and Compliance is responsible for establishing and maintaining a corporate-wide security, privacy, and compliance management program to ensure that the organization’s assets are adequately protected. The person in this position should have a passion for the protection of customer data, consumers’ data, and cyber security.

The responsibilities include reviewing, developing, and maintaining the company’s policies and procedures in accordance with regulatory requirements, company accreditations, and best practices/standards (such as NIST and HITECH) applicable to healthcare information security. The position will also be responsible for setting the strategic direction of Information Security and for the day-to-day management of security issues and IT assets.

Key Responsibilities

Data Privacy and Compliance

  • Collaboratively develop strategic, proactive positions and processes on key privacy and data policy issues.
  • Examine global legislative and regulatory proposals concerning the intersection of technology, privacy, data use, and platform regulation and assess/communicate impact across the organization.
  • Independently lead projects collaborating with cross functional stakeholders, including narrative development, research design, and strategic policy planning.
  • Serve as an effective representative for SPINS regarding privacy issues, including in executive, board and other external meetings.
  • Collaborate with software developers, designers, lawyers, product managers, and others to help interdisciplinary teams simultaneously address policy, legal, engineering, user interface, business, marketing and other privacy requirements.
  • Determine applicable schedules specific to individual departments and partner with department heads to ensure compliance data commitments are met and validated.
  • Implement a program to ensure regulatory required deletion and retention requirements across the data lifecycle are met, educate employees on the requirements, review actual department compliance with them and conduct audits to ensure policies are appropriately applied.

Security

  • Building a comprehensive security program that includes physical safety and cybersecurity policies.
    • Own Disaster Recovery/Business Continuity
      • Documentation of the plans
      • Regular testing/auditing of those plans
    • Define and annually audit Data Privacy and Secure Coding standards and practices
    • Develop and maintain Internal security + privacy training
      • Annual employee certification
    • Own and enforce Vendor Security management
    • Define and audit process for introduction of new tools/frameworks/services to existing tech stack
  • Manage security risk for entire business
    • Review existing security measures and update protocols as needed
    • Establish and communicate clearly defined prioritization of risks
    • Own resolution based on priorities
    • Provide guidance that balances business requirements with the firm’s cyber security standards
  • Review and evaluate company operations to identify potential security risks and room for improvements.
  • Foster a culture of physical and digital security awareness by conducting training sessions and communicating with personnel.
  • Manage, evaluate, and ensure resolution of any physical or digital security incidents or breaches.
  • Ensure that the company’s security policies comply with federal laws and legislation.
    • Responsible for data privacy and compliance standards
    • Own the framework and potentially build a team for data privacy and compliance enforcement
  • Present risk assessments and improved security policies to management team members.
  • Together with management develop and implement an appropriate budget for security programs.
  • Audit SPINS’ departments for their security responsibilities
    • Create a defined/documented “security program”
    • Ensure department leaders are fulfilling their responsibilities
  • Risk + Impact Reporting
    • To CEO + Board at least twice a year
    • To C-levels + Senior Leadership at least every quarter
  • Stay informed about the dynamic regulatory landscape, industry trends, internal operations, and cyber security threats
    • Socialize new standards and manage discussions around potential adoption and implementation issues
    • For example, raise the alarm for events like the Log4Shell vulnerability, the SolarWinds breach, etc.
  • Responsible for ensuring communication of potential breaches (or similar), both internal and external
  • Responsible for filling out security questionnaires for 3rd parties, and preparing documentation for this purpose
    • Also responsible for creating our own questionnaire to send to 3rd parties we do/will work with

Knowledge & Skills Required

Education/Training/Work Experience

  • Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or equivalent professional experience
  • Preferred: Professional security management certification
  • 10+ years of experience in a combination of risk management, information security, data privacy/compliance and IT jobs
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST
  • Experience with contract and vendor negotiations and management including managed services.
  • Experience with Cloud computing/Elastic computing across virtualized environments.
  • Hands-on knowledge of contemporary DevSecOps practices

Candidate Attributes, Knowledge & Skills

  • Excellent written and verbal communication skills and high level of personal integrity
  • Advanced Program Management Skills
  • Ability to adjust to constantly changing priorities and a fast-paced environment
  • Ability to work effectively without constant supervision while working in the office or remotely
  • Strong vendor management skills

What SPINS Offers

We have enjoyed tremendous growth over the years and, as a leader in a fast-growing industry, we have no plans to slow down! While all that growth brings excitement, it is also an opportunity for SPINS to show it values the health and wellness of its team members. Whether you are based at our Chicago headquarters or remote, we continue to stay true to SPINS:

  • We embrace hybrid and remote work options so that you have the flexibility to create a work/life balance that actually works!
  • Virtual yoga, HIIT, meditation classes, and team SPINS Peloton rides
  • Each employee is allotted paid time to use to volunteer with an organization of their choice and charitable donations are matched.
  • CEO Connect, a monthly informal small group Q&A session with our top leader
  • Semi-annual company-wide survey that is used to shape company programs, perks, and culture.

The SPINS Way

  • Direct: We communicate with clarity, honesty and respect in all situations and embrace opportunities to provide solution-oriented feedback.
  • Determined: We are committed to overcoming all obstacles to achieve results. We adapt to change, seek opportunities to learn and rapidly translate that learning into action.
  • Passionate: We go above and beyond to help our partners achieve their goals. We challenge assumptions and are comfortable forging new paths.
  • Collaborative: We leave our egos at the door, believing that working together we will produce an outcome that’s greater than each individual contribution.