DIRECTOR - DATA SECURITY & COMPLIANCE - WebMD : Job Details

Internet Brands and WebMD is currently seeking a Director of Data Security and Compliance to manage and implement our regulatory, data governance and privacy compliance programs. This managerial role will work collaboratively with legal, security and technology leadership and oversee a compliance team with a focus on digital privacy, advertising technology, and health IT. This is an exciting opportunity to manage a robust compliance function within a successful growing technology organization. This position will be located in either our Newark or El Segundo (Los Angeles) office.

WHAT YOU WILL DO:

• Policy Implementation and Management: Maintain, and implement compliance & privacy programs, ensure policies adherence and best practices, including related project management, development of training programs and reporting.
• Audit and Controls Management: Manage internal controls and auditing systems that monitor and report on regulated activities and processes. Respond and manage projects providing evidence for audits and RFP requests pertaining to the compliance program, compliance policies, or other compliance program information.
• Data Governance Oversight: Manage implementation of data governance framework, conducting risk assessments to address the organization's risk profile related to information and data privacy. Manage creation and maintenance of an inventory of all data assets collected, processed, stored, and transmitted by the organization
• Privacy: Drive and oversee implementation of data privacy programs in collaboration with technology, legal and business groups designed to protect sensitive data, promoting regulatory compliance, and mitigating risks.
• Compliance Management: Collaborate with legal and tech leadership to evaluate and implement changes to compliance programs and processes due to new or amended regulations.
• Training and Awareness: Establish communication and training initiatives that inform stakeholders about implementation of compliance requirements.
• Risk Mitigation Oversight: Provide regular reporting on the status of security and data privacy programs and risks to the information security and data governance steering committee comprised of legal, tech, HR and business senior leaders.
• Vendor and Customer Security Assessments: Manage vendor reviews from an information security and compliance perspective, conduct and oversee vendor and customer security questionnaires and assessments.

QUALIFICATIONS:

• BA/BS/MA/MS with at least 5+ years of experience in a compliance (GRC) leadership role
• Preferred certifications include, but are not limited to, CHPS, HCISPP, CHC, CISSP, CDPSE, RHIA or other relevant data protection, privacy, or compliance certifications
• Working knowledge of data privacy regulations & acts (including HIPAA, CMS, GDPR, CCPA) and security frameworks (such as HITRUST, SOC, ISO)
• Experience with security frameworks (ideally experience building a data governance and privacy program using NIST 800-53 Rev 5) and the NIST Privacy baseline control requirements
• Strong experience with data governance including data classification, labeling & handling; managing collection of user data, and data subject access requests (DSAR)
• Experience managing user consent in products along with performing data privacy impact assessments (DPIA)
• Experience using online workflow management tools
• Must be able to manage multiple projects and consistently meet deadlines, working collaboratively with colleagues in technology, information security, operations, legal, human resources, and other teams
• Strong problem-solving, written and verbal communication skills and ability to troubleshoot issues independently before raising a flag to the other teams
• Exceptional organizational skills and the ability handle multiple tasks/responsibilities simultaneously
• Excellent verbal communication and documentation skills
• Attention to detail
• Comfortable in a highly deadline-driven environment, and able to pivot quickly between tasks and adapt to rapidly shifting priorities

*This is a hybrid role that requires being in the Newark office 3x's a week