Director of Compliance
The Director of Privacy and Compliance maintains Throtle’s data governance, risk, and compliance (GRC) program. They serve as the security and privacy subject matter expert with a focus on Personal Information (PI) and Personal Health Information (PHI) privacy and security programs. The Director of Privacy and Compliance will ensure that all business and data management processes reflect privacy requirements and comply with applicable state and federal laws and regulations. In addition, they will confirm that compliance monitoring, auditing, and remediation are efficient and effective.
The Director of Privacy and Compliance reports to the CTO and serves as Throtle’s leader for privacy and regulatory compliance company-wide. They will collaborate with the information security manager to ensure alignment between security and privacy compliance programs including policies, practices, and investigations, and act as a liaison to the information systems department.
Responsibilities:
· Maintain Throtle’s “Privacy by Design” approach to ensure that Data Protection and Privacy requirements are considered throughout the lifecycle of technology, product, service, and change management functions.
· Identifying initiatives that will improve Throtle’s overall GRC.
· Creating and updating policies, and coordinating and providing security and privacy input to procedures.
· Participation in client meetings for questions related to data privacy and protection matters.
· Ensures privacy forms, policies, standards, and procedures are up-to-date.
· Maintain current knowledge of applicable federal and state privacy laws and accreditation standards and initiate changes in the organization's processes as required.
· Plan and direct privacy training programs and communications.
· Lead research and prepare communications in response to security or privacy-related events or consumer, government, or media inquiries.
· Presenting clear, accurate, and timely reports on privacy and data protection risks, risk mitigation measures, and compliance activities.
· Perform initial and periodic privacy risk assessment/analysis, mitigation, and remediation.
· Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.
· Participate in and respond to client RFIs.
Qualifications:
· 3 plus years of experience in a GRC or GRC-related role.
· Bachelor’s degree
· Knowledge of AdTech and/or the Healthcare industry
· Demonstrate strong initiative, collaboration skills, and communication proficiency.
· Possess problem-solving and analytical skills.
Skills and qualifications:
· IAPP certification(s) (e.g., CIPP, CIPP/E, CIPM)
· Familiarity with Amazon Web Services
Benefits:
Throtle offers a competitive benefits package that includes:
Medical
Dental
Vision
Life Insurance
Long Term Disability
401k company match
Perks:
• Fridays: The office closes at 3 p.m. / Memorial Day – Labor Day the office closes at 1 p.m.!
• The office is closed between Christmas and New Year's.
• Hybrid schedule: work from home on Mondays and Fridays.
• We sponsor office lunches 1x a month (sometimes more!).
• We always have fun company swag coming your way.
Throtle, Inc. is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
Flexible work from home options available.