Cradlepoint has an immediate opening for Director of Privacy & Trust that will be responsible for building, classifying, and governing data, policies, third parties, and people. This role is critical to the success of the business and requires strong collaboration, deep understanding of security and privacy frameworks, and strong risk acumen. Our ideal candidate for this role will be someone who pays close attention to detail with the ability to socialize risks and outcomes in a clear and consistent manner. Experience with GDPR, PCI, CCPA, and data classification at scale are paramount to building a highly efficient Privacy and Trust team.
You will own all the privacy focused policy and classification functions within the security organization. Working with key stakeholders across the business will enable you to drive a privacy council to assess, prioritize, and address risks related to technology, business functions or units, and data usage. Governing policies, interpreting data, and ensuring the business can execute at speed are core functions of this role.
- You will own all the privacy focused policy and classification functions within the security organization
- Direct the risk assessment and security engineering completeness of any exceptions to standard baselines or Cradlepoint policy
- Perform first line approval of privacy requests from Business Group Programs and personnel
- Proactively identify privacy deficiencies or opportunities for improvement to better enable business security at the global level. Lead the development of pragmatic solutions across Global Information Security.
- Provide communication or escalation path for privacy issues identified by Global Information Security or the business themselves.
- Provide regular, timely reporting on the privacy status across the supported business units.
- Support acquisition due diligence for privacy risks and support control design for integration.
- Work with Legal to ensure proper interpretation of both security and privacy frameworks
- Audit and govern controls and procedures to ensure compliance with modern security and privacy standards
- Participate in reporting requirements, monthly/quarterly status meetings and offsites as appropriate.
- Partnering and collaborating with all business units to roll out, refactor, and govern policy
- Assist the business in managing and preventing privacy incidents and providing incident coordination as required.
- Provide subject matter expertise on various privacy issues to Information Security leadership.
- Working with first and third parties' systems, subsidiaries, and vendors to ensure compliance
- Building a top-notch team that includes trust, data, and privacy members
- Represent the Global CISO at meetings and act on behalf of as requested.
- Authority to direct resources to respond to privacy incidents or critical deficiencies to ensure secure operations of Cradlepoint information systems.
- Final authority for all decisions related to low-risk variances to privacy standard baselines. Authority to recommend decisions on all moderate and high-risk variations to the CISO.
- Accountable to CISO for the efficient and effective execution of position responsibilities.
- Accountable to CISO to meet all performance objectives.
- Accountable to peer employees to ensure all job resource requirements are met and appropriate performance feedback is delivered in a timely manner
- Accountable to staff to provide leadership and guidance in function and ensure appropriate performance feedback is delivered in a timely manner
- Bachelor's Degree in Information Systems, Cybersecurity, or a related field and minimum 10 years of relevant experience. Additional years of relevant experience will be considered in lieu of a degree.
- Senior level experience in the design and implementation of privacy programs
- 2+ years working as a Privacy or Trust leader
- 2+ years experience leveraging risk modeling, tooling, and reporting
- 2+ years experience running a security committee or council to articulate risk across the business
- 2+ years experience educating users, operators, and administrators on security best practices
- Familiarity with building custom risk and remediation workflows, or GRC industry tooling such as CyberGRX, Onetrust, Security Scorecard, and Bitsight
- Excellent communication skills and ability to effectively engage from Senior Executives through individual technical staff
- Self-motivated and willing to take on challenges while adapting to an every changing operational environment.
- Good understanding of security best practices including NIST CSF, NIST 800-53, ISO27001 and PCI DSS. Previous experience working with one of these frameworks.
- Our ideal candidate for this role will be someone who pays close attention to detail with the ability to socialize risks and outcomes in a clear and consistent manner
- Experience with GDPR, PCI, CCPA, and data classification at scale are paramount to building a highly efficient Privacy and Trust team
- Experience with diverse businesses with multiple acquisitions
- Experience leveraging policy and procedure to add clarity to complex risks
- Experience or exposure to modern software development practices
- Experience with common security methodologies, terminology, and culture
- Experience building a security focused culture and mindset
- Certification pertaining to information security and data privacy protection (CDPSE, CISSP, CISA, CRISC, CISM, etc)
Cradlepoint is an Equal Opportunity Employer and does not discriminate on the basis of race, color, religion, sex, marital status, national origin, age, sexual orientation, handicap, disability, or any other protected class status pursuant to applicable law.
This job has expired.