Director of Privacy and Compliance

October 20

Apply Now

Receive Emails with Similar Jobs

ThalamusGME

WebsiteLinkedInAll Job Openings

Graduate Medical Education • Residency and Fellowship Interview Management • Residency and Fellowship Application Management • Residency and Fellowship Travel Planning • Residency and Fellowship Data Analytics

11 - 50

Description

• Thalamus is hiring a Director of Privacy and Compliance to oversee data privacy and regulatory compliance, and manage risks related to the handling and processing of customer and employee data. • Lead the process to achieve and maintain SOC2 Type 2 certification • Develop and implement data privacy programs to ensure ongoing GDPR and CCPA compliance • Develop and enforce data retention policies to ensure compliance with regulations • Ensure customer and vendor contracts meet data privacy and security compliance requirements • Ensure company-wide compliance with customer contracting requirements • Review third-party vendor contracts to ensure data handling and privacy standards align with the company’s compliance framework • Serve as the point of contact for regulatory bodies, customers, and auditors during inspections or audits • Conduct regular audits and privacy impact assessments to identify and mitigate risks in data-handling and processing, and develop a risk register • Create and manage a data inventory, and ensure proper data classification and security controls across the organization • Train employees & contractors on compliance policies and data privacy practices to ensure company-wide adherence • Conduct third-party due diligence and maintain a vendor risk management program • Work with insurance brokers to ensure optimal coverage levels are in place • Ensure timely and accurate reporting to stakeholders, regulatory authorities, and customers • Oversee privacy incident management, including breach notifications, investigations, and reporting • Work with legal teams to ensure timely and appropriate responses to data breaches or regulatory concerns • Work closely with the Director of Security & IT to develop joint incident response playbooks, vendor risk management processes, and product review checklists

Requirements

• A bachelor’s degree in law, business administration, information technology, or a related field; advanced degree preferred • Minimum 8 years of experience in privacy compliance, risk management, or a related role in a product technology or SaaS environment • In-depth knowledge of data privacy laws and regulations (SOC2, GDPR, CCPA) • Strong analytical skills and experience conducting audits and assessments • Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels • Proven ability to develop and implement effective compliance programs and policies • Experience in incident management and partnering with legal teams on data breaches