Privacy Manager, Information Security

Job Description

Privacy Manager, Information Security

Reporting to the Director of Information Security, Privacy Program, this position is responsible for managing the Information Security's privacy program globally, collaborating with cross-functional stakeholders across the organization whilst promoting an information security/privacy awareness culture.

The role requires close co-ordination and collaboration with the Information Security team and Legal Compliance Privacy teams providing support, as required, to initiatives involving the use of personal data.

Core Responsibilities

Privacy Management
• Privacy Management Framework Implementation – manage privacy management framework activities globally that include personal information asset inventory management, data protection impact assessment, data subject rights process, training and awareness, and incident response.
• Personal Information Governance – develop and implement personal data governance globally to ensure that personal data lifecycle is identified, data flows are visualized, and data mapping inventory details are maintained. Collaborate closely with business, legal, and IT stakeholders to ensure that privacy controls are in place to mitigate privacy risks.
• Privacy Management Platform Implementation – manage the implementation and operation of OneTrust, including data mapping, automated assessment, data subject rights, and universal consent management.
• Compliance Management – manage the privacy regulation compliance implementation project globally with cross-departmental stakeholders. Function as a Subject Matter Expert (SME) in privacy technology to advise stakeholders to mitigate privacy risks.
• Incident Management – act as a liaison for privacy officer, incident response team, legal compliance, and relevant business in the case of privacy incidents and assist in the handling of the incident in accordance with internal policies and applicable laws.

Business Consultancy
• Privacy Impact Assessment – collaborate with business relationship management and technology engineering teams and support legal privacy attorneys in privacy risk and impact assessment to ensure that risks associated with complex technology solutions are properly evaluated.
• Business Consultancy - Work with IT and business stakeholders to understand business requirements and provide detailed guidance and recommendations to ensure appropriate technical and organizational measures are implemented to ensure privacy by design principles are met.

Job Requirements and Qualifications
• Bachelor's Degree in Information Security, Information Technology or a similar major
• Minimum 4 years' experience in privacy regulatory compliance (e.g., CCPA, CPRA, GDPR, LGPD)
• Minimum 4 years' experience in Privacy Management Platform solution(s) (e.g., OneTrust)
• 4-6 years strong project management and reporting experience

Knowledge Of:
• Information risk concepts and principles as a means of relating business needs to security controls; an understanding of the business impact of security tools, technologies, and policies.
• Experience in implementing OneTrust's Privacy Management Platform solution
• Knowledge of Information Security principles, including ISO 27001 framework and Information Security Management System (ISMS)
• Knowledge of Agile & Waterfall project management methodologies

Skill In:
• Excellent verbal, written and interpersonal communication skills with the ability to communicate effectively with IT, project and development teams, management, and business stakeholders.
• Developing and delivering employee training programs. Skilled in articulating information security policies, procedures, and guidelines to all levels of management and staff.
• Practiced proficiency in performing risk, business impact, control, and vulnerability assessments.
• Strong organizational, project management and multi-tasking skills with a successful track record of managing expectations, delivering results, and meeting milestones and deadlines.

Ability To:
• Work flexible hours to meet with teammates and stakeholders in other regions.
• Build effective working relationships, working inclusively with stakeholders to understand their business requirements.
• Simplify complex problems with the ability to prioritize tasks based on business impact.
• Work effectively in a multicultural, multinational environment consisting of cross-functional, high-performance teams.
• Perform under high pressure, in a dynamic environment to strict deadlines, with the ability to address multiple priorities concurrently.
• Take on new responsibilities and influence others as needed to deliver consistent results.

Preferred Qualifications
• CISMP/CISSP/CISM certification
• Knowledge of Information Security principles, including ISO 27001 framework and Information Security Management System (ISMS)
• Knowledge of Agile & Waterfall project management methodologies
• University Degree
• 4-6 years data protection experience

* Sony Pictures - CA - Culver City Area & Studios

Jobcode: Reference SBJ-dyy08m-3-16-212-99-42 in your application.