11 days old

Data Protection Officer

Arbonne
Irvine, CA 92618
  • Job Code
    119299596

Why You're Here



Arbonne is looking for an experienced Data Protection Officer (DPO) to satisfy its obligations under the European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Privacy Account (CCPA).

The DPO will have formal responsibility for data protection compliance and privacy within the company and will monitor compliance and data practices internally to ensure the business and its functions comply with applicable requirements. The DPO will be responsible for staff training, data protection impact assessments, and internal audits. The DPO will also serve as the primary contact for regulatory agencies and those individuals whose data is processed by the organization.

What You'll Be Doing

This role will work closely with the Legal, Compliance, Governance and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and CCPA.

Job duties will include:

  • Monitor compliance with the GDPR, CCPA, and other applicable data protection laws as well as policies established by controllers or processors for the protection of personal data
  • Establish a privacy governance framework to manage data use in compliance with the GDPR, CCPA and other applicable regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
  • Ensure Arbonne's IT systems and procedures comply with all relevant data privacy and protection laws, regulations and policies, including in relation to the retention and destruction of data.
  • Work with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
  • Serve as the primary point of contact and liaison for external supervisory and data protection authorities and regulatory agencies on all data protection related matters under the GDPR.
  • Serve as the primary point of contact for the internal business regarding data privacy rules, best practices, and requirements, and manage internal data protection activities.
  • Elevate awareness within the organization about compliance requirements and train internal staff involved in data processing activities and operations.
  • Review vendor contracts (including Model Clauses) and consents needed to implement projects in partnership with the procurement function and ensure filing requirements with local regulators are achieved.
  • Manage and conduct ongoing reviews of Arbonne's privacy governance framework including any relevant policies applicable to data privacy, or relevant Binding Corporate Rules (BCR).
  • Monitor changes to local privacy laws and make recommendations when appropriate.
  • Establish standards and review policies and procedures globally that meet the requirements of the GDPR, CCPA and any local requirements in relevant jurisdictions.
  • Develop and deliver privacy training to various business functions.
  • Advise on data protection impact assessments and develop strategies and initiatives to ensure engagement with key internal and external stakeholders.
  • Coordinate and perform internal data privacy audits to ensure compliance.
  • Collaborate with the Information Security team to provide guidance and raise employee awareness regarding data privacy and security issues and provide relevant training.
  • Collaborate with the Information Security team to maintain records of all data assets and exports, and maintaining a data privacy and security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, respond to regulatory agencies, and respond to subject access requests (SARs).
<br /> <h3><strong>Why You're Here</strong></h3> <br /><br /> <p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Arbonne is looking for an experienced Data Protection Officer (DPO) to satisfy its obligations under the European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Privacy Account (CCPA). </span></p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">The DPO will have formal responsibility for data protection compliance and privacy within the company and will monitor compliance and data practices internally to ensure the business and its functions comply with applicable requirements. The DPO will be responsible for staff training, data protection impact assessments, and internal audits. The DPO will also serve as the primary contact for regulatory agencies and those individuals whose data is processed by the organization.</span></p> <h3><strong>What You'll Be Doing</strong></h3> <span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">This role will work closely with the Legal, Compliance, Governance and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and CCPA. </span> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Job duties will include:</span></p> <ul> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Monitor compliance with the GDPR, CCPA, and other applicable data protection laws as well as policies established by controllers or processors for the protection of personal data</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Establish a privacy governance framework to manage data use in compliance with the GDPR, CCPA and other applicable regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ensure Arbonne's IT systems and procedures comply with all relevant data privacy and protection laws, regulations and policies, including in relation to the retention and destruction of data. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Work with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Serve as the primary point of contact and liaison for external supervisory and data protection authorities and regulatory agencies on all data protection related matters under the GDPR.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Serve as the primary point of contact for the internal business regarding data privacy rules, best practices, and requirements, and manage internal data protection activities. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Elevate awareness within the organization about compliance requirements and train internal staff involved in data processing activities and operations. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Review vendor contracts (including Model Clauses) and consents needed to implement projects in partnership with the procurement function and ensure filing requirements with local regulators are achieved.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Manage and conduct ongoing reviews of Arbonne's privacy governance framework including any relevant policies applicable to data privacy, or relevant Binding Corporate Rules (BCR). </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Monitor changes to local privacy laws and make recommendations when appropriate.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Establish standards and review policies and procedures globally that meet the requirements of the GDPR, CCPA and any local requirements in relevant jurisdictions. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Develop and deliver privacy training to various business functions.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Advise on data protection impact assessments and develop strategies and initiatives to ensure engagement with key internal and external stakeholders. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Coordinate and perform internal data privacy audits to ensure compliance. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Collaborate with the Information Security team to provide guidance and raise employee awareness regarding data privacy and security issues and provide relevant training.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Collaborate with the Information Security team to maintain records of all data assets and exports, and maintaining a data privacy and security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, respond to regulatory agencies, and respond to subject access requests (SARs).</span></li> </ul> <img src="https://analytics.click2apply.net/v/g25KQnt5ry7ZfxaAIj8WO"> <br/><br/><h3><strong>What You Need</strong></h3> <br /> <ul> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">5 years' experience within a compliance, legal, audit and/or risk function, with recent experience in privacy compliance. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">At least 2 years' experience with GDPR and working knowledge of CCPA. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience in developing policy and compliance training.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience working in a regulated industry preferred, particularly multi-level marketing.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Education Bachelor's Degree required. Law degree from an accredited law school strongly preferred. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., (preferred).</span></li> </ul> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>Skills and Abilities</strong></span></p> <ul> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong knowledge of EU data privacy and data protection regulation, and a solid understanding of other major privacy frameworks and evolving legislation.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Knowledge of information technology and data management systems required. Mature, professional and sound interpersonal skills. Ability to communicate and interact effectively with people at all organizational levels.</span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ability to work independently in a fast paced and quickly moving environment undergoing change. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong change and project management skills, including the ability to manage time well, prioritize effectively, and manage multiple deadlines effectively. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ability to handle confidential and sensitive information with appropriate discretion and sound judgment. High ethics are required, plus the ability to effectuate change and identify noncompliance even if unpopular. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Excellent writing and presentation skills.</span></li> </ul> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>Additional Requirements </strong></span></p> <ul> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Some international travel is required, including coordination with parent company located in Europe. </span></li> <li><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">The statements contained in this position description are not necessarily all-inclusive; additional duties may be assigned, and requirements may vary from time to time.</span></li> </ul> <p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Arbonne International is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sexual orientation, national origin/ancestry, age, sexual orientation, gender identity, gender expression, military/veteran status, marital status, disability status or any other basis prohibited by law. At Arbonne International it's about each person bringing passion and skills to a dynamic and inclusive workplace!<br /></span></p><p>PI119299596</p>

Categories

Posted: 2020-03-24 Expires: 2020-04-24

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Data Protection Officer

Arbonne
Irvine, CA 92618

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast