Employer Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands - Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services - we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services.
This role is part of the Corporate Information Security (CIS) Policy, Compliance, and Privacy team that is tasked with developing, assessing and monitoring data privacy across the company. The position will be responsible for assisting with the overall program strategy, identifying and developing methods for assessing data privacy controls across a variety of regulatory requirements and control frameworks, assisting business and technical areas with understanding and implementing of data privacy controls to help remediate gaps and risks identified, and monitoring and reporting program compliance related to data privacy efforts to the leadership team.
- Conduct regular assessments to identify sensitive data at risk and provide guidance on how to implement technologies and processes to aid in data protection.
- Investigate and implement technologies that will protect sensitive data while in transit and at rest within and outside of the corporate boundaries (i.e. IaaS, PaaS, and SaaS).
- Conduct privacy impact assessments to ensure data privacy requirements are integrated into all new and existing programs.
- Partner effectively with the security awareness program to communicate new data privacy program processes and procedures.
- Partner with internal teams to ensure policies meet the needs and goals of CIS.
- Work closely with legal to ensure the proper security controls are in place to protect sensitive data of our company, employees, and customers within the law and regulations around the world.
- Work with teams to ensure the concept of security by design and privacy by design is embedded within solutions at the onset of their development.
- Collaborate with other departments outside of IT (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct policy and regulatory issues to appropriate channels for investigation and resolution.
- Consult with corporate counsel as needed to resolve legal issues related to regulations and standards.
- Provide training and awareness on company policies across the organization.
- Perform other duties as assigned.
Non-Negotiable Hiring Criteria:
- 5+ years experience in information technology, compliance, legal, data protection/privacy, and/or information security.
- Knowledge of data protection, risk analysis and information security
- Knowledge of data privacy and security requirements under EU Data Protection Directive, PCI, GLB, HIPAA, FDA and other relevant legislation when appropriate for business. (Canada Personal Information Act, etc.)
- Bachelor s Degree in Law, Information Security, Cybersecurity, Information Assurance, Risk Management, or equivalent work experience.
- Ability to develop metrics and provide analysis to measure effectiveness of programs
- Excellent writing skills, with experience as a writer, technical editor, or communications specialist a plus
- Strong interpersonal, organizational, and excellent documentation skills are a must
- Excellent customer service skills required
Employer is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.
- Strong attention to detail, organizational skills, time management
- Excellent verbal and written communication skills
- The ability to interact professionally with a diverse group: executives, managers, and subject matter experts
- The ability to take direction and independently work through projects as required
Associated topics: attorney, attorney corporate, compliance department, compliance office, court, courtroom, internal, lawyer, legal, llp