When you’re part of the team at Thermo Fisher Scientific, you’ll do important work, like helping customers in finding cures for cancer, protecting the environment or making sure our food is safe. Your work will have real-world impact, and you’ll be supported in achieving your career goals.
This role has global responsibility for the company’s risk management program regarding IT Data Protection and Privacy in terms of strategy, planning and execution. He/she drives cross organizational initiatives to define the IT Data Protection and Privacy program and helps shape the organization’s information security policies, procedures to meet regulatory requirements. The position is tasked with maturing Thermo Fisher’s Data Protection and Privacy program and reducing risk when it comes to protecting sensitive corporate, employee and customer data globally, while specifically driving towards compliance with various national and international Data Protection and Privacy regulations (i.e. European General Data Protection Requirement (GDPR)). He/she acts as senior staff and will be expected to monitor and report results of IT data privacy efforts across the company.
- Develop, initiate, maintain, and revise policies, standards, procedures, work instructions, and guidelines for the Data Protection and Privacy Program and its related activities.
- Drive implementation of policies, procedures, and technologies across the organization related to data protection and privacy.
- Work closely with legal to understand to ensure the proper security controls are in place to protect sensitive data of our company, employees, and customers within the law and regulations around the world.
- Work with teams to ensure the concept of “privacy by design” is embedded within solutions at the onset of their development.
- Conduct regular assessments to identify sensitive data at risk and provide strategic thought leadership on how to implement technologies and processes to aid in data protection.
- Investigate and implement technologies that will protect sensitive data while in transit and at rest within and outside of the corporate boundaries (i.e. IaaS, PaaS, and SaaS)
- Embed privacy impact assessment process into risk assessment processes to ensure data privacy requirements are integrated into all new and existing programs.
- Drive an effective Data Protection and Privacy communication program for the organization as part of the overall security awareness program.
- Collaborate with other departments outside of IT (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct Data Protection and Privacy issues to appropriate channels for investigation and resolution.
- Consult with corporate counsel as needed to resolve legal issues related to data protection and privacy.
- Provide training and awareness on company policies across the organization.
- Perform other duties as assigned.
- 8+ years’ experience in information technology, compliance, legal, data protection/privacy, and/or information security.
- Bachelor’s Degree in Law, Information Security, Cybersecurity, Information Assurance, Risk Management, or equivalent work experience.
- Strong interpersonal, organizational, and excellent documentation skills are a must
- Ability to explain and champion technical concepts to a broad audience focusing on business acumen.
- Excellent customer service skills required
- Strong analytical and product management skills required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements
- Comprehensive knowledge of and proven ability in the following:
- Strong knowledge of data protection, risk analysis and information security
- Knowledge of data privacy and security requirements under EU Data Protection Directive, PCI, GLB, HIPAA, FDA and internal legislation when appropriate for business. (Canada Personal Information Act, etc.)
- Relevant certificates such as CISSP, CISA, CISM and Privacy certifications such as ISO 27002 and 27018 are recommended
Non-Negotiable Hiring Criteria:
- Strong attention to detail, organizational skills, time management
- Excellent verbal and written communication skills
- The ability to interact professionally with a diverse group: executives, managers, and subject matter experts
At Thermo Fisher Scientific, each one of our 50,000 extraordinary minds has a unique story to tell. Join us and contribute to our singular mission—enabling our customers to make the world healthier, cleaner and safer. Apply today http://jobs.thermofisher.com
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.