Data Protection Officer (DPO)
The Data Protection Officer (DPO) is a specialized role responsible for guiding and monitoring the company's data protection strategy in compliance with global privacy laws, focusing on both U.S. and European Union regulations. Given the nature of our IT services and software development work, the DPO will have technical expertise in cybersecurity, encryption, and secure data storage, in addition to a comprehensive understanding of privacy laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant federal and state privacy laws in the U.S.
Responsibilities:
Regulatory Compliance and Strategy:
- Formulate, implement, and oversee the data protection strategy tailored to the specific needs of an IT services/software development environment.
- Ensure compliance of external and internally developed software products, services, and third-party tools with U.S. and EU data protection laws.
- Act as a liaison between the organization, clients, and regulatory authorities.
- Provide recommendations on technological solutions that are in line with compliance, data protection, and privacy standards.
Software Development Oversight:
- Engage with development teams to incorporate "Privacy by Design and Default" principles in the software development lifecycle.
- Evaluate data processing elements of new projects, products, and services to ensure they meet compliance requirements.
- Collaborate with development teams to ensure secure coding practices are implemented to protect personal data.
Data Audits and Assessments:
- Conduct data mapping exercises, privacy impact assessments, and security risk assessments within IT infrastructure and software products.
- Oversee routine audits of internal systems, databases, and data processing activities for compliance with privacy laws.
- Implement and maintain technology-enabled compliance controls, such as Data Loss Prevention (DLP) tools and encryption solutions in collaboration with our delivery and security teams.
Training and Awareness:
- Develop and deliver specialized training for technical staff to ensure awareness and understanding of data protection requirements.
- Promote a culture of compliance among development teams, emphasizing the importance of data protection in coding and system design.
Incident Response:
- Assist our security team with identifying, reporting, and mitigating personal data breaches.
- Serve as the point of contact for internal and external stakeholders in the event of a data breach or other security incident.
- Respond to third-party privacy requests, including complaints and escalations.
Vendor and Customer Data Protection Management:
- Conduct due diligence and regular audits of third-party service providers, particularly cloud service providers and software vendors, to ensure their compliance with privacy and data protection laws.
- Review and negotiate data protection clauses in contracts and service level agreements (SLAs) with vendors and partners.
- Review and negotiate data protection agreements with our customers, ensuring we meet their privacy and security standards.
- Review and document changes in vendor and customer privacy requirements.
Reporting:
- Generate regular reports and dashboards detailing the status of data protection efforts, including compliance metrics specific to software development and IT services.
Qualifications:
- Bachelor’s degree in Law, Computer Science, Information Security, or a related field. Advanced degrees or certifications in data privacy (CIPP, CIPM, CIPT) are preferred.
- Minimum of 5-7 years of experience in data protection, privacy law, and cybersecurity, preferably in an IT services or software development environment.
- Deep understanding of U.S. and EU privacy laws, including GDPR and CCPA.
- Proficient understanding of technical and software development processes, including agile methodologies.
- Excellent communication and project management skills.
We offer:
- Work with a highly motivated and dedicated team
- Competitive salary
- Flexible schedule
- Medical insurance and benefits program
- Corporate social events
- Professional development opportunities
- Well-equipped office
About us:
Grid Dynamics is an engineering services company known for transformative, mission-critical cloud solutions for the retail, finance, and technology sectors. We architected some of the busiest e-commerce services on the Internet and have never had an outage during the peak season. Founded in 2006 and headquartered in San Ramon, California with offices throughout the US and Eastern Europe, we focus on big data analytics, scalable omnichannel services, DevOps, and cloud enablement.
Don’t see the right opportunity?
Contact us anyway and let’s talk! To apply, send your resume and cover letter to jobs@griddynamics.com