Leads Gerber Life Insurance Company's efforts to assess, document, communicate and implement regulatory and internal requirements related to privacy, information security governance and records retention. Works closely with stakeholders to lead and/or contribute to relevant projects to enhance practices and processes related to privacy, information security governance and records retention. Identifies opportunities to continuously improve relevant programs and to implement best practices. Develops and implements legal, compliance and corporate governance policies and procedures to support the Gerber Life Privacy Program. Works with internal and external business partners in the development of and day-to-day oversight of Privacy matters. Works with minimal supervision, escalating to the Compliance Director in a timely manner, as appropriate.
Privacy, Data and Information Security Management:
- Develops and implements privacy policies, procedures and practices and provides related guidance to business partners.
- Oversees and coordinates privacy and information security compliance program activities, including privacy risk assessments, vendor due diligence and data management and protection.
- Responsible for testing, monitoring, and managing privacy program initiatives along with members of Information Management and Security team.
- Operates as the subject matter expert on privacy, information security compliance, and data/records management.
- Provides assistance with privacy, information security, and data/records management risk assessments and any related process improvements.
- Assists with development of privacy, information security, and data/records management training.
- Ensures employees and contractors receive appropriate guidance on privacy responsibilities.
- Assists with compliance change management efforts, ensuring that privacy requirements are identified and addressed in a timely manner.
- Implements protocols that comply with state and federal laws, regulations and industry best practices.
- Evaluates contracts (including Business Associate Agreements), technologies, programs, and online activities for potential privacy and information security impact.
Compliance Management:
- Participate on the Company Compliance Action Team to help implement compliance requirements.
- Recommend and implement enhancements and process improvements based on an assessment of available regulatory and compliance systems and processes.
- Research and track regulatory developments to update compliance policies and procedures
- Records, investigates and escalates alleged non-compliance with laws, regulations, and Company policies for appropriate
- Represents Gerber Life on Enterprise projects and initiatives, as needed.
- Performs other duties as assigned by management
- Minimum 5 years compliance or regulatory experience, insurance experience preferred
- Privacy experience, Privacy certification preferred
- Knowledge of federal and state laws, regulations, and guidance related to security and privacy, including but not limited to HIPAA, FCRA, GLBA, CCPA, NAIC Models, and NIST, including the ability to apply such knowledge.
- Demonstrates an understanding of privacy programs as they relate to data inventory, data mapping, user consent, user opt-outs, and data requests.
- Excellent with Microsoft Office, especially Word, Excel, and PowerPoint.
- Demonstrates an understanding of language in contracts, agreements, and memorandums addressing privacy and information security.
- Demonstrates effective verbal and written communication skills with the ability to convey information to internal and external customers in a clear, accurate, focused and concise manner.
- Demonstrates ability to document procedures and activities in a manner that is understandable to others and prepared using a prescribed format.
- Verbal and written communications are to conform to proper rules of punctuation, grammar, diction, and style.
- Demonstrates a high level of attention to detail and excellent organizational skills.
- Proven examples of experience leading projects and the ability to manage multiple priorities simultaneously.
- Proven research, problem-solving and analytical skills, including experience using various websites, reference manuals, or tools.
- Demonstrates experience identifying, defining, and resolving problems by collecting and interpreting data to establish facts, draw valid conclusions and provide effective resolutions and guidance.
- Demonstrates experience working as part of a team developing cooperation and collaborative work efforts toward solutions that benefit all parties involved.
- People skills including the ability to influence, gain commitment and effectively handle conflict
- Ability to take decisive action
- Bachelor's degree, Advanced degree (preferred)
Computer Skills and Knowledge of Hardware & Software Required:
- Works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings
- Requires visual acuity to read a variety of correspondence, reports and forms and to prepare and analyze data in an accurate, neat, and thorough way.
- Continuously makes repetitive motions of the wrists, hands and/or fingers
- Requires complex reading and writing skills
- Hearing and listening ability
- Requires standing and walking within the department and throughout the building complex
- Legal research engines (e.g., Westlaw)
Certifications & Licenses:
- Ability to learn and use electronic programs
- Excellent with Microsoft Office, especially Word, Excel, and PowerPoint
- IAPP Privacy Certification (To be obtained within first year of employment)