Data Privacy Senior Associate

<!–

Description

–>

• Work with procurement, vendors, and the legal department to ensure third-party suppliers’ contracts, non-disclosure agreements, and data-sharing agreements meet privacy policy requirements.
• Work with third parties, including business partners, suppliers, service providers, and IT product vendors, to ensure they understand and follow IDB’s privacy requirements and maintain accurate documentation (e.g., third-party questionnaires).
• Perform and support data protection impact assessments in close collaboration with the DPO and business units, including continuous reviews and updates.
• Support business units with privacy considerations, including of developing risk mitigation and corrective action plans for identified privacy concerns.
• Implement monitoring procedures to verify how business units and third parties meet IDB’s privacy requirements and address privacy concerns.
• Review the status and effectiveness of privacy controls across service offerings, ensuring that privacy-related key risks are effectively monitored to prevent an unacceptable impact on business objectives and reputation.
• Work closely with the technology service teams to anticipate potential privacy problems embedded in using emerging technologies.

• You hold a Master’s degree (or equivalent advanced degree) in business administration, law, finance, accounting, computer science, or a related field.
• Ideally, you will have a combination of a technical or computer science degree with a legal or business degree.
• Holding one or more of the following certifications is required: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), and/or Certified Information Privacy Technologist (CIPT); and one or more of: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM). Certified Data Privacy Solutions Engineer (CDPSE) and Certified Information Systems Auditor (CISA).

• 3 to 5 years of demonstrated experience in privacy, data protection, security, risk management, auditing and/or compliance.
• Experience and familiarity with privacy management tools, OneTrust preferred, and with the development of automation workflows across data discovery, data mapping, privacy rights, privacy assessments, and cookie consent modules.
• Experience and/or familiarity with governance, risk, and compliance (GRC) tools and how they can support privacy-related activities.
• Experience and/or familiarity with cloud, data, and analytics technologies.

• Proficiency in Spanish and English, spoken and written, is required. Additional knowledge of Portuguese and French is preferable.

<!—

<!–

–>