Data Privacy Engineer (Remote, US)
DISQO is changing the way that the world’s largest brands, agencies and consumer intelligence companies get to know their consumers. We’ve built the first identity-based platform that combines consumer attitudes and behaviors together to power the most accurate and predictive insights solutions for our customers, and we do all of that with the willing participation of our consumers and without using outdated technologies like third-party cookies. We help our customers get a cross-platform view into consumer sentiment, measure advertising effectiveness, analyze consumer purchase journeys, and ultimately grow their brands.
Our mission at DISQO is to engage people to share their opinions and behaviors openly to help our customers make the right decisions. With over one million active members sharing their attitudes and behaviors, DISQO is looking to expand, improve and create world-class applications for people to openly share their data for research.
Check out the DISQO Developer Blog for the latest from our DISQOTECH team.
DISQO is a platform-as-a-service (PaaS) that powers brand decisions with breakthrough insights on consumer experience. People experience brands in different ways. DISQO’s platform allows you to understand what people think and do throughout the entire brand experience.
DISQO is searching for a Data Privacy Engineer to join our Global Information Security & Privacy organization to help build a world class security & privacy program that enables A world where people trust in sharing information to improve the human experience.
As Data Privacy Engineer, you will lead privacy program initiatives within the information security team at DISQO and collaborate heavily with a cross-functional team involving legal, product and engineering to improve and maintain privacy-related technology and processes. You will analyze sensitive data storage and transmission both within the DISQO platform and with connected third parties. Your role is to help DISQO comply with all applicable regulatory requirements regarding privacy, build privacy into DISQO’s suite products.This person will be the technical advocate for privacy decisions and discussions across the company and relied upon to provide engineering and product teams with the privacy expertise necessary to make confident product decisions.
What you will do:
- Conduct “privacy-by-design” technical reviews for new products and services, ensuring required data privacy impact assessments are completed, where required, and identify any privacy concerns.
- Provide product teams with the guidance and best practices to help protect data subjects’ privacy and mitigate identified risk.
- Work closely with Information Security to ensure “security-by-design,” to ensure company-wide product and services define, implement, and document perimeter and internal network controls, host-based security controls, applications access controls and data access controls.
- Implements, and manages, integration of privacy-software solutions used across the organization to support Program compliance.
- Under the direction of the Director of Information Security & Privacy, in accordance with the program monitoring schedule, perform on-going monitoring of all company business units; document the results and implement any corrective actions or remediations that may be required.
- Participate in internal and external data privacy audits.
- Ensure applicable privacy and security requirements are incorporated in policies, SOPs, and other controls, implemented for a project, product, or platform.
- Develops Program report metrics, e.g. against data privacy impact assessments, to aid in presenting program metrics to the executive management team.
- Maintains all related Program data in the central database to ensure that accurate and concise information is obtained and captured to allow reporting of Program-related obligations.
- Provides general support and assistance to the Security & Privacy Team, when necessary, including filing, generating outgoing correspondence, archiving, and any other privacy and security-related projects necessary to support the Program.
- Serve as an internal advisor, to the business, to efficiently (and effectively) manage internal (and external) data privacy inquiries.
- Stay abreast of global privacy legislation and regulatory requirements.
- Play a key role in driving architecture reviews, as well as global cross-company privacy reviews of products and services, aligned to SOC2 and NISTResearch, evaluate and communicate client privacy requirements and identify current posture against these requirements to the internal team.
- Discover, map and classify personal information across the business and its information systems, including DISQO software products.
- Ensure that data is appropriately de-identified where required, and develop a process to audit data warehouses to ensure ongoing compliance with legal requirements and privacy policies.
- Work with our legal team to transform privacy policies and standards into actionable processes and procedures that help DISQO build privacy into our everyday operations and our products.
- Advise peers on how to implement privacy controls and identify areas of concern or risk in DISQO products. Translate privacy policies into actionable software engineering requirements.
- Manage Data Protection Impact Assessments and Privacy Impact Assessments Identify potential privacy issues in DISQO products. Recommend projects to address the privacy concerns you’ve identified.
- Build a scalable process for responding to data subject rights requests to account for the growth of the business.
- Support incident response management, including incident investigation, fact-gathering and documentation, and regulatory or state breach notification procedures.
What you bring to the table:
- B.S. or M.S. in Computer Science, Information Systems, or related field or equivalent experience.
- Demonstrated knowledge of architecture reviews, aligned to NIST-CSF, NIST 800-53 and CIS CrontrolsPossess one or more professional privacy certifications (e.g. CIPP, CIPM, CDPSE) Security certifications (CISSP, CISM, Security+) a plus4+ years of work experience in privacy engineering or security engineering.
- Demonstrated experience working with IT, Security, and Development teams to achieve a coordinated privacy and security practice.
- Experience ensuring compliance with GDPR, CCPA and/or other regulatory requirements.
- Knowledge and experience with OneTrust products, Assessment Automation, Data Mapping, Data Discovery and Classification, Vendor Risk Management, Privacy Rights, Cookies Consent, Preference Management, as well as Policy and Notice Management.
- Ability to perform privacy assessment interviews, reporting, and delivery of regulatory assessments risk analyses, information inventory and data mapping, vendor management assessments, and additional privacy-related projects.
- Experience communicating highly-technical concepts to a non-technical audience.
- Have defined, documented, implemented, and established privacy policies and procedures across the organization.
- Ability to manage and communicate with multiple stakeholders in a fast-paced work environment.
- Effective organizational, analytical, confidentiality, multi-tasking, and time management skills.
- Strong presentation skills, particularly in the development of professional and thoughtful materials.
- Excellent judgment, attention to detail, communication and direct customer skills, plus the ability to work as part of a team, as well as an individual contributor.
#LI-Remote #LI-SG1
Perks & Benefits:
·100% covered Medical/Dental/Vision for employee, 80% for dependents
·Equity
·Unlimited Vacation
·Flexible work hours
·Quarterly Offsites
·401K
·Life Insurance
·FSA
·Paid Maternity/Paternity leave
·Disability Insurance
·Travel Assistance Program
·24/7 Counseling Services offered to employees
DISQO is an equal opportunity employer. Discovery, innovation, and growth are possible when we open ourselves to new possibilities, perspectives, and approaches. That’s why, at DISQO, we welcome, support, and empower individuals from diverse backgrounds. Exceptional teams are rooted in extraordinary people, each with a unique story and a compelling set of skills. DISQO does not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
*Recruiting firms that submit resumes to DISQO without first entering into a written contract will not be entitled to any compensation on candidates referred by that firm.