Data Privacy and Protection Officer

Data Privacy and Protection Officer 

You are a highly process driven and dynamic business leader and collaborator who is passionate about bringing your privacy and compliance experience to effectively and efficiently implement and execute Kaseya’s comprehensive global privacy, data protection and compliance program to comply with global data privacy regimes such as, CCPA, GDPR, HIPAA and others. You will drive the privacy compliance strategy for the Company in multiple capacities, including with respect to obligations and best practices with global customers, with respect to product initiatives, acquisition strategy, systems implementation and integrations and as we step further into the usage of AI within our products and as an employee tool. You are a highly responsive and accountable collaborator with your legal colleagues and the security team in reviewing incidents and ongoing processes, engineering and security improvements.   The successful candidate will be a licensed privacy professional passionate about ensuring privacy compliance and providing an exceptional customer experience across departments and stakeholders.

The Privacy Officer will also be responsible for developing, operationalizing, and enhancing the organization’s efforts to create and deliver effective privacy compliance, training, education and internal communications supporting the Company’s efforts to identify and address matters of concern as it relates to privacy. This position will oversee privacy related investigations and compliance and all responses to any potential privacy incidents and should be invested in the broader cybersecurity landscape for a technology company.

We’ll Trust You To

• Serve as the primary point of contact for privacy and data protection as the Data Protection Officer
• Draft, review, negotiate, and manage data privacy and protection terms for a variety of transactional agreements, including master services agreements, professional services and consulting agreements, statements of work, technology agreements, and supply agreements.
• Respond in real-time with next steps relating to investigation, compliance and disclosure during security incidents and other events, including data breach analysis and response, investigations, third party risk management, and insider risk
• Manage investigations alongside the security team during security incidents and other events.
• Serve as the main point of contact within the organization for employees, regulators, and relevant public authorities on issues related to data protection
• Provide legal support for information security risk management team, including data breach analysis and response, investigations, third party risk management, and insider risk
• Implement best practices for privacy policies and compliance processes and procedures, ensuring Kaseya meets its legal, regulatory, and reputational responsibilities, including for GDPR
• Develop and implement policies and procedures for privacy compliance processes in support of our privacy strategy and oversee the continued development and monitoring of the privacy compliance program
• Implement appropriate data privacy compliance controls and tools, including working with compliance technology support and other internal functions to make improvements and address any gaps identified
• Work cross-functionally with legal, security, marketing, information technology, information security, and other teams to ensure the business and technical tools and processes comply with privacy requirements
• Lead, on specific regulatory compliance projects /initiatives for privacy, for example, the mapping of applicable regulatory obligations to risks, controls, controls testing and policy documents
• Provide strong subject matter expertise to, and responds to Data Subject Requests, implementing a robust process is in place to address requests, assuring the quality and timeliness of responses, monitoring and tracking of requests
• Lead the Data Privacy Impact Assessments (DPIA) by enhancing the process for DPIAs and enhancing the workflow for the intake, monitoring and tracking of assessments, as well as developing key metrics

• Monitor risk across the business by partnering with the business and support functions to conduct analyses of the key personal data processing, collection or storage processes of their areas, including documentation of data flows, processes and procedures

• Translate legal and compliance requirements into privacy program deliverables and processes

• Serve as a subject matter expert on global data privacy and protection legal questions, contract reviews, and negotiations
• Develop and deliver privacy training to various business functions and raise employee awareness of data privacy and security issues.

Minimum Qualifications

• JD degree and licensed to practice law in Florida
• 7+ years of relevant legal experience as a practicing attorney, including at a law firm and some experience in-house, counseling on global data privacy and protection laws (including CCPA, other state and federal privacy laws and GDPR).
• IAPP CIPP/US, CIPP/E or CIPM certification
• Strong background in U.S. and EU data privacy requirements
• Experience working with and/or within software and other technology companies, or organizations serving customers globally

Skills

• Privacy Expertise: Possess in-depth knowledge of GDPR, state privacy laws, and other major global privacy legislative frameworks and industry standards, demonstrating proficiency in navigating complex privacy regulations and cross-jurisdictional data protection and privacy issues.
• Privacy and Technology Acumen: A solid understanding of the interplay between privacy and technology issues, showcasing an ability to address privacy concerns within a technological context.
• Operational Excellence: A proven track record of responding quickly in the face of security or other incidents to provide guidance and operationalizing privacy guidance to implement and maintain an efficient and effective privacy program that enables business priorities while mitigating risk.
• Communication Expertise: Ability to effectively convey complex privacy concepts and translate them into practical policies and training to technical and non-technical audiences, facilitating understanding and compliance across the organization. Comfortable delivering data protection and privacy advice to a variety of stakeholders.