Compliance Specialist (Europe or North America) - remote

Platform.sh
Posted 3 years ago
Location: Remote. Must work EU and Americas friendly hours.

CIPP/E, CIPP/C, or CIPP/A is required.


Mission 

To reinforce our commitment to customers' privacy, Platform.sh is looking for a Compliance Specialist with excellent English skills who is eager to live in the world of GDPR, PIPEDA, CCPA, and APA, as well as participate in PCI, SOC 2, and related assessments. The role is focused on executing our Governance, Risk, and Compliance (GRC) and Privacy programs.


You will be a part of the Compliance team under the supervision of our Security, Compliance, and Data Protection Officer. The long-term objective of this team is to grow into a PrivacyOps team, and we would like your help to do that.



Responsibilities
  • Primary responsibility: Do everything necessary to maintain compliance with existing standards and regulations. This includes:
      • Implementation and monitoring of certifications and legal regulations
      • Monitoring of new compliance regulations/changes and taking action to avoid possible legal risks or situations where our customer data is inadequately protected
      • Reporting of governance activities
      • Management of internal and external relations and reporting (communication, information, training)
      • Tracking and updating our data in OneTrust
      • Coordinating with the Security Team to efficiently process new tool requests
      • Vendor compliance management, including securing GDPR Data Processing Agreements and analyzing their internal security certifications
      • Performing annual vendor and corporate asset registry review
      • Performing Business Continuity Analyses like Business Impact Analysis, Risk Analysis, and Privacy Impact Analysis
      • Preparing monthly security & compliance newsletters
      • Compiling data for, and participating in, monthly risk management and threat review meetings
      • Creation and modification of documentation, policies, and training materials
      • Driving closure of compliance tasks for employees
      • Answering compliance-related questions and questionnaires
      • Reviewing compliance news and assessing the impact to Platform.sh
      • Assisting our Data Protection Officer in carrying out data protection activities
  • Secondary responsibilities include:
      • Automation of compliance tasks to reduce the internal compliance burden
      • Automation of compliance with legal requirements (PrivacyOps)
      • Improvement/enhancement of our processes and tooling to provide more meaningful and actionable results
      • Assessing and submitting privacy and compliance-related product improvement requests
      • Helping Platform.sh gain additional industry certifications

 
Requirements:
  • Minimum 3 years experience in the field
  • Highly proficient in spoken and written English
  • Strong analytical, multi-tasking, and documentation skills
  • Proficient with GDPR
  • Working knowledge of CCPA
  • CIPP/E, CIPP/C, or CIPP/A is required.
  • Experience analyzing contracts, terms of service, privacy policies, and data processing agreements

Preferred Requirements:
  • Previous work experience in an international organization
  • Proficiency in spoken and written French
  • Experience
      • Vendor Management
      • Creating Security Awareness and Privacy Awareness presentations
      • Jira
      • Git
      • OneTrust
      • Team Leadership
      • Slack
      • Markdown
      • Creating and reviewing policies and procedures
  • Knowledge of
      • PIPEDA
      • BDSG
      • APA
      • SOC 2
      • PCI
      • HIPAA
      • ISO 27000 + ISO 27701
      • Cloud Technologies including AWS, Azure, GCP, OVH, and Orange
  • Ability to kick ass in Chess or beat Zork without using a map
  • Can bravely take on new challenges like a Gryffindor, analyze problems like Ravenclaw, protect our personnel and client data like a Slytherin, and talk with clients like a Hufflepuff.