Careers at ThermoFisher Scientific

Job ID :
Location: US - Maryland - Frederick | United Kingdom - Remote / Field
Job Description

Director, IT Data Protection & Privacy

When you’re part of the team at Thermo Fisher Scientific, you’ll do important work, like helping customers find cures for cancer, protecting the environment or making sure our food is safe. Your work will have real-world impact, and you’ll be supported in achieving your career goals.

The Director, IT Data Protection & Privacy has global responsibility for IT data protection & privacy through strategy, planning and execution. He/she drives cross-organizational initiatives to define the IT Data Protection & Privacy program and provides oversight of data protection & privacy in accordance with the organization’s information security policies, procedures and regulatory requirements. The position is tasked with maturing Thermo Fisher’s data protection & privacy program globally, and specifically with driving towards compliance with various national and international data protection & privacy regulations, including the European General Data Protection Regulation (GDPR). He/she acts as staff to senior management by monitoring and reporting results of IT data privacy efforts across the company.

Key Responsibilities:

  • Develop, initiate, maintain, and revise policies, standards, procedures, work instructions, and guidelines for the general operation of the Data Protection & Privacy Program and its related activities
  • Define and implement a data classification model for the company
  • Define and implement sanitization, disposal, and purge procedures for the company’s software applications
  • Direct and maintain the company’s high-risk employee departure program
  • Conduct regular assessments to identify data at risk and provide strategic thought leadership on how to implement technologies and processes to aid in data protection & privacy
  • Investigate and implement technologies that will protect data in transit and at rest within and outside of the corporate boundaries (i.e. IaaS, PaaS, and SaaS)
  • Embed program into A&A (Assessment & Authorization processes) to ensure data protection and privacy requirements are assessed as new programs, systems, and applications come online, change, and are decommissioned
  • Institute and maintain an effective data protection & privacy communication program for the organization, including understanding of new and existing issues and related policies and procedures
  • Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct data protection & privacy issues to appropriate existing channels for investigation and resolution
  • Consult with internal attorneys as needed to resolve potential legal data privacy issues
  • Proactively advise the business on how to maintain data privacy as it relates to regulatory requirements (e.g. EU GDPR, EU-US Privacy Shield) and alternative rules such as Binding Corporate Rules (BCR) and Model Contractual Clauses
  • Assist large-scale implementation and remediation efforts with consultation on how to implement security controls that will aid in the protection and privacy of data
  • Provide training and awareness on company policies across the organization
  • Perform other duties as assigned

Minimum Requirements/Qualifications:
  • Bachelor’s Degree in Information Security, Cybersecurity, Information Assurance, or Risk Management; equivalent work experience acceptable
  • Relevant certificates such as CISSP, CISA, CISM and Privacy certifications such as ISO 27002 and 27018 are recommended
  • 8+ years of information technology, compliance, legal, and data privacy and/or Information Security work experience
  • Strong interpersonal, organizational, and excellent documentation skills are a must
  • Ability to explain and champion technical concepts to a broad audience focusing on business acumen
  • Excellent customer service skills required
  • Strong analytical and product management skills required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements
  • Comprehensive knowledge of and proven ability in the following:
    • Strong knowledge of data protection, risk analysis and information security
    • Knowledge of data privacy and security requirements under EU Data Protection Directive, PCI, GLB, HIPAA, FDA and internal legislation when appropriate for business (Canada Personal Information Act, etc.)

Non-Negotiable Hiring Criteria:
  • Strong attention to detail, organizational skills, time management
  • Excellent verbal and written communication skills
  • The ability to interact professionally with a diverse group: executives, managers, and subject matter experts

At Thermo Fisher Scientific, each one of our 50,000 extraordinary minds has a unique story to tell. Join us and contribute to our singular mission—enabling our customers to make the world healthier, cleaner and safer. Apply today http://jobs.thermofisher.com

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.
