Mosaic Group is a mobile app developer with an award-winning portfolio of brands and products—including iTranslate, RoboKiller, and Daily Burn. We build and acquire best-in-class mobile applications, providing creators with a platform to reach global audiences along with the inspiration, support, and resources to innovate new products. Owned and operated by IAC (NASDAQ: IAC), Mosaic Group is a global company headquartered in New York City with offices across the US as well as Austria, Belarus, China, and Ireland. Learn more at www.mosaic.co.
This is an excellent opportunity for a Data Privacy Analyst / Data Privacy Compliance Manager to join our rapidly growing team and to support our company in the ongoing enhancement and day-to-day management of our privacy compliance program. The Data Privacy Analyst / Data Privacy Compliance Manager reports to Privacy Counsel and is expected to work across multiple business functional teams, liaising with Legal, Compliance and Information Security.
The role ensures successful and consistent delivery of privacy compliance program activities, policies, and procedures, facilitates privacy-compliant business decision making, and serves to advise and give guidance to the business on how to align with various privacy and data protection requirements. Particular focus areas will include supporting Privacy Counsel, Legal Compliance, and Information Security colleagues with third party risk management (including due diligence of prospective service providers, vendors, etc.), responding to client requests for information regarding our own privacy and security processes, and supporting the legal team in the performance of data privacy impact assessments to help our growing and evolving business identify and mitigate privacy and security risks as they emerge.
To be successful in this role, you will have proven ability and at least 3 years’ experience in promoting awareness, understanding, and practical application of privacy and data protection principles and best practices across organizations, enabling them to align their operations with the requirements of global privacy laws and regulations, such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
You will have an in-depth knowledge of these regulations, industry standards, and compliance-related frameworks. Familiarity with the technology industry, mobile applications and the nature of their data processing activities would be a significant plus, as would experience with implementing or managing privacy compliance programs or key domains within them. Experience with contract and data processing addendum reviews, Information Security controls testing or IT audit, and communication of policies and procedures would all also be helpful to the successful candidate.
Duties and Responsibilities
- Support Privacy Counsel in continual identification, documentation, and evaluation of the company’s data processing activities and data flows.
- Maintain and update Privacy Policies and Cookie Policies for the organisation’s various products and applications.
- Assist with the documentation of the organisation’s Records of Processing (GDPR Article 30), identifying areas of risk or non-compliance and supporting in mitigation and/or remediation.
- Conduct formally documented Data Protection Impact Assessments (DPIAs) in collaboration with Privacy Counsel and business stakeholders, to help manage risks introduced by evolving business activities processing sensitive personal information.
- Assist with the onboarding assessment of new vendors from a privacy and security perspective.
- Identify new and existing vendors requiring privacy agreements and track the completion and implementation status of data processing agreements and transfer agreements with those vendors.
- Support Privacy Counsel, Legal, Compliance, and Information Security in performing due diligence and contracting with new third parties. This will involve assessing privacy and information security controls and standards, reviewing and recommending privacy and data protection contractual requirements, and coordinating across the business to communicate and remediate risks associated with new third party relationships.
- Support the management of the Data Subject Request program, helping Privacy Counsel in responding to privacy requests made by data subjects wishing to exercise their rights (for example under GDPR and CCPA/CPRA).
- Act as point of contact with internal teams to promote awareness and understanding of privacy regulatory requirements, as well as company policies and procedures.
- Support Privacy Counsel in identifying business processes or aspects of the privacy compliance program that will require the drafting, updating, and communicating of new or enhanced privacy and data protection policies. This will serve to strengthen the privacy compliance program, and extend its reach within our business.
- Offer support to Privacy Counsel and Information Security teams in responding to incidents or suspected privacy breaches.
- Support the ongoing delivery of training on GDPR, CCPA, CPRA, VCDPA and other emerging privacy laws for employees.
- Support Privacy Counsel in further developing our Privacy and Security Rules compliance program.
- Other duties as assigned by Legal or Information Security.
- Minimum 3 years of experience in data privacy program management and legal compliance.
- Experience in third party risk management.
- Excellent communication (verbal and written), facilitation, and interpersonal skills, including the ability to face off across all levels of an organization.
- Experience in performing data protection impact assessments, or similar privacy risk analysis.
- Solid knowledge of/experience with global privacy regulations and how they apply to data processing operations in the medical device or healthcare sector.
- Familiarity with computer security systems/critical security controls and related industry standards for privacy and security.
- Demonstrated ability to build relationships, establish trust, and form effective alliances across teams and functions to ensure optimal end-to-end delivery.
- Ethical, with the ability to remain tactful, impartial and escalate all instances of noncompliance through established reporting channels.
- Demonstrated commitment to high quality and attention to detail.
Additional Skills/Certifications (preferred)
- Privacy certifications such as CIPP/US, CIPP/E, CIPM, CIPT, or FIP.
- Paralegal or other experience working within a Legal department (e.g. contract review).
- Experience with OneTrust Tool or prior data privacy-related consulting experience.
- Security or IT Audit certifications such as CISSP, CIPM, CISA, or CRISC.
We embrace diversity and strive to create an inclusive and equitable environment for all.