Cyber Security - GRC - Data Security - job 1 of 2

The Opportunity The Regional Data Privacy Head, Americas recommends and implements all strategies and operational plans to ensure that CSL's Data Privacy policies are observed and maintained in the Americas region, and the Data Privacy policies follow all applicable laws within the Americas region where CSL operates and CSL's Risk Appetite Statement. You will be responsible for all CSL Group entities in the Americas including Behring and Seqirus.You are also responsible for developing an Americas region strategy for execution and directs the execution of the Data Privacy program, which includes for the identification, implementation, and adherence to CSL's Data Privacy policies in the region. You in this role is the Data Privacy advisor and main partner to the CSL enterprise in the Americas region and supports the businesses in the region in ongoing Data Privacy risk identification, management, controls, and mitigations. You also represent CSL's Data Privacy interests with external parties (such as competent authorities) as the primary contact for the Americas region. You will identify opportunities for improvement in the Data Privacy area including technology (in collaboration with IT) and recommend those to the Global Head of Data Privacy. You will design routines that are both globally prescribed and locally established to manage and investigate regulatory/enforcement and business changes and considering 'best practices' in the industry to any impacts to CSL, and then address the issue.You will assess and communicate information about Data Privacy with all sites, functions, and businesses across the region. It develops and implements controls and risk-based approaches toward Data Privacy compliance following CSL's Risk Appetite Statement and observing the Data Privacy laws. In the role, you will be the recognized leading expert in Data Privacy in the Americas region tasked with managing large projects of strategic importance to our organization. The colleague will recommend operational strategies and plans that will directly affect the achievement of overall functional results of the Data Privacy Office.The Role1. Recommend, direct, and implement strategies and operations plans for implementation and maintenance of CSL's Data Privacy policies in the Americas region and within the global framework. Responsibilities include promoting activities to foster data protection and privacy awareness in the Americas across all CSL Group entities.2. Be the Data Privacy advisor and important partner to CSL in the Americas region and represent CSL's Data Privacy interests with external parties such as Data Privacy or other competent authorities (official contact in the region).3. Strategizes, defines operational plans, and executes programs to ensure that Data Privacy processes are implemented, and documented to promote compliance with Data Privacy laws, regulations and policies globally and within the Americas region.4. Define Data Privacy risk assessment program to assess risk across important sites, functions, and offices in the region, while ensuring global consistency, together with the Global Head of Data Privacy. Perform initial and periodic data protection risk assessments related to ongoing privacy compliance monitoring activities with the Global Head of Data Privacy.5. Support the business in calculating the current risk of a given processing activity, evaluate appropriate risk acceptance and develop controls to mitigate such risk.6. Initiate, promotes activities to foster Data Privacy awareness within CSL in the Americas.7. Collaborate with the business and responsibilities ( with the Global Head of Data Privacy) to participate in global activities to improve cross-geographical and awareness and to share best practices.8. Ensure that processing activities using personal information in the Americas region are secure and comply with CSL policies. This includes overseeing and ensuring that Data Protection by Design Default (DPbDD) fundamentals and checks are built into all aspects of operations in the region wherever and whenever personal data is collected, used, disclosed, retained, transferred, and/or disposed. This includes Supplier Assessments, Project Requests and Approval, System Design, System Access Control and Data Protection Impact Assessments.9. Identify opportunities for improvement in the Data Privacy area including technology (in collaboration with IT) and implements following agreed plans. Establish and set routines/schedule to manage and investigate regulatory/ enforcement and business changes and consider 'best practices' in the industry.o Scan regulatory, enforcement, environment, trade, and business news, and competitor activity and actual/latest industry trends and related information/materials to any impacts to Data Privacy or opportunities for improvements at CSL.o Swiftly escalate to Global Head of DP to allow swift reaction to change in business conditions or events that may affect CSL's Data Privacy or present risk to the business.o Perform impact analysis to policies, standards, and procedures.o Monitor and recommend solutions by anticipating regulatory direction and action of Data Privacy authorities and implements changes and processes based on trends and corrective actions for the region while ensuring global consistency with the Global Head of Data Privacy.10. Develop and establish appropriate privacy contractual language, consent forms, and information notices and materials reflecting current CSL's legal practices and requirements of the Americas region. Ensure that the contract requirements and privacy obligations are considered and provide partners with guidance (including counsel) on Data Privacy contract requirements and obligations.11. Ensure that approved Data Subject Requests (DSRs) in the regions are completed and promptly and that any document and evidence of DSR evaluation, execution, and response are stored and can be retrieved in the regions. Recommend any technological advances or process improvement for the DSR process to the Global Head of DP.12. Ensure the business executes data protection impact assessments (DPIAs) and that they are processed following regulatory requirements and considerations (global laws). Ensure that the DPIAs are recorded and stored in designated repository.13. Direct and ensure implementation of approved process for receiving, documenting, investigating, and acting on all Data Privacy breaches and complaints concerning CSL's privacy policies in collaboration with Ethics Compliance (EC) and Cyber Security. Establish detailed action plans in compliance to the local and global laws to improve data breaches and incidents promptly, capturing agreed actions following EREC and Data Privacy frameworks, policies and ensure execution of agreed actions by relevant partners to close issues.14. Measure/reports on important Data Privacy and risk appetite statement measures following the global strategy and frameworks/policies, to report to the DPC. Includes regular assessment of the risk appetite statements and risk measures considering any proposed changes, additions, or deletions, with a focus on leading measures.15. Be an expert on Data Privacy matters and is visible as such internally through promoting activities to foster Data Privacy awareness within the region.16. Provide guidance and training to all employees, contractors, and other appropriate third parties in the region and globally on regional Data Privacy principles.17. Support the Global Head of Data Privacy in other projects and responsibilities, as assigned, that may be global in nature or region specific.Your Skills and Experience• Bachelor's degree in law or advanced degree in relevant field• Certification in Data Privacy preferred for example, International Association of Privacy Professional certification.• 10+ in a life sciences, technology, or manufacturing organization with 3 or more years of operational application of Data Privacy laws.• Expertise in Data Privacy laws across the Americas (United States, Canada, South/Latin America).• Knowledge of interpreting and applying global Data Privacy laws and regulations, with expertise in those specific to the Americas region.• Collaborate within the Americas region with the global Data Privacy Office.• Experience working with regulators and regulatory agencies (preferred).• Practical experience implementing data protection projects regionally (preferred).Our BenefitsCSL employees that work at least 30 hours per week are eligible for benefits effective day 1. We are committed to the wellbeing of our employees and their loved ones. CSL offers resources and benefits, from health care to financial protection, so you can focus on doing work that matters. Our benefits are designed to support the needs of our employees at every stage of their life. Whether you are considering starting a family, need help paying for emergency back up care or summer camp, looking for mental health resources, planning for your financial future, or supporting your favorite charity with a matching contribution, CSL has many benefits to help achieve your goals.Please take the time to review our benefits site to see what’s available to you as a CSL employee.About CSL BehringCSL Behring is a global leader in developing and delivering high-quality medicines that treat people with rare and serious diseases. Our treatments offer promise for people in more than 100 countries living with conditions in the immunology, hematology, cardiovascular and metabolic, respiratory, and transplant therapeutic areas. Learn more about CSL Behring.We want CSL to reflect the world around usAs a global organization with employees in 35+ countries, CSL embraces diversity and inclusion. Learn more about Diversity Inclusion at CSL.Do work that matters at CSL Behring!