Technical Privacy Compliance Program Manager

Victor, NY, United States

CooperCompanies

CooperCompanies is a global, consumer-centric medical device company that supports how people want to live, at every stage of life. By listening closely to

CooperVision, a division of CooperCompanies (NASDAQ:COO), is one of the world’s leading manufacturers of soft contact lenses. The Company produces a full array of daily disposable, two-week and monthly contact lenses, all featuring advanced materials and optics. CooperVision has a strong heritage of solving the toughest vision challenges such as astigmatism, presbyopia and childhood myopia; and offers the most complete collection of spherical, toric and multifocal products available. Through a combination of innovative products and focused practitioner support, the company brings a refreshing perspective to the marketplace, creating real advantages for customers and wearers. For more information, visit www.coopervision.com.

Job Summary:

The Technical Privacy Compliance Program Manager will lead the implementation of BigID as well as IT Governance processes over applications involved in the processing of personal information, in order to drive the technical aspects of compliance with privacy regulations and the SOC2 Program. The Manager will also lead the work of the Technical Privacy Compliance Senior Administrator in the implementation of IT controls, the management of internal and external audits, and the administration of applications and tools used by the Privacy and SOC2 Programs to detect and classify personal information.

  • Represent IT Compliance on the project to implement BigID, managing the vendors, consultants and contractors, and take on platform administrative duties upon implementation
  • Lead technical aspects of rollout of BigID to additional locations after initial implementation
  • Lead the development and refinement of Cooper’s IT Privacy and SOC 2 control framework with the goal of developing a unified IT control framework that will also encompass SOX controls
  • Lead the identification of in-scope applications for the IT Privacy and SOC 2 Programs
  • Oversee the maintenance of records of processing activities for in-scope applications
  • Lead the identification and implementation of technology-driven Privacy compliance solutions
  • Lead the implementation and readiness testing of IT Privacy and SOC 2 controls for in-scope applications to evaluate their effectiveness in collaboration with stakeholder teams
  • Collaborate on an on-going basis with the Data Protection and Legal Offices as well as other stakeholders to align IT Privacy and SOC2 controls with evolving regulations, business needs and customer requirements
  • Lead the documentation of IT controls and their related process flows and procedures for the Privacy and SOC2 Programs
  • Participate in internal and external audits of IT controls’ design and operating effectiveness related to the Privacy and SOC2 Programs, working with stakeholders to provide evidence of control processes and execution
  • Examine audit results for potential control improvements as well as impacts on the IT Privacy and SOC2 Programs, and other IT Compliance programs
  • Assess the risk and work in collaboration with stakeholders to complete remediation of audit findings related to IT controls of the Privacy and SOC2 Programs
  • Develop KPIs to show activities and achievements of the IT Privacy and SOC2 Programs and establish reporting cadence to management
  • Manage staff from recruitment to completion of annual HR processes (e.g., objectives, performance appraisals, etc.)

 

Travel Requirements

International travel up to 10%, off-hour meetings

Knowledge, Skills and Abilities:

  • Exposure to or knowledge of privacy regulations and their impact on IT processes
  • Excellent understanding of IT applications, infrastructure and processes, including the ability to read and understand highly technical material and to suggest technological solutions
  • Excellent communication skills to be able to communicate technical concepts in layman's terms to diverse audiences
  • Excellent analytical, problem-solving and organizational skills with attention to detail
  • Ability to work independently with minimal supervision
  • Ability to effectively prioritize and execute tasks and direct the work of others in a fast-paced environment
  • Adapts readily to changes in workload, staffing and scheduling
  • Detail-oriented, independent and thorough in examination and analysis
  • Highly self-motivated and self-directed
  • Extensive experience working in a team-oriented environment in a collaborative manner

Work Environment:

  • Normal office environment 
  • Sedentary to light physical effort necessary to perform the job
  • Extensive contact with employees in the US and global locations, and with external vendors and auditors

Experience:

  • Proven experience implementing and managing the BigID platform. Experience implementing data catalogues, data discovery, data redaction and other data mapping and data subject request functionality on other privacy tools (e.g., OneTrust) will also be taken into consideration.
  • 3 to 5 years of experience working in technical environments and with IT operational controls
  • 3 to 5 years of experience with technical controls implementation
  • Experience in a supervisory or managerial role with proven ability to lead, motivate and develop team members
  • Experience working with and strong understanding of IT control frameworks (e.g., SOC1/2, SOX, HIPAA, ISO 27001, PCI DSS)

Education:

  • Bachelor’s degree in business, accounting, finance, computer science, information systems or a related discipline required, or equivalent combination of education and experience
  • CISA, CIA, CPA, CISSP, IAPP’s CIPT or equivalent certification preferred

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

For U.S. locations that require disclosure of compensation, the starting base pay for this role is between $108,189.00 and $154,555.00 per year and may include cost of living adjustments. The actual base pay includes many factors and is subject to change and modification in the future. This position may also be eligible for other types of compensation and benefits.

Tags: Audits CIA CISA CISSP Compliance Computer Science Finance Governance HIPAA ISO 27001 KPIs PCI DSS Privacy SOC SOC 1 SOC 2 SOX

Perks/benefits: Career development

Region: North America
Country: United States
