Data Protection and Privacy Supervising Associate - Technology Reviews

Location

Anywhere in Country

Data Protection and Privacy Supervising Associate – Technology Reviews

Ethics, Compliance, and Risk Management (ECRM) supports our people in managing the risks that arise during our daily working lives. We work closely with all parts of the organization to identify, manage and monitor risk, providing coordinated advice and assistance on independence, conflicts, compliance, regulatory, policy, security issues, as well as dealing with claims and any queries regarding ethics.

With fast‑paced technological advancements, new innovations within emerging technologies, and an ever‑challenging regulatory environment, it is business critical for our organization to identify not only the risks but the opportunities these present to us. As a Data Protection & Privacy Supervising Associate, you will support processes within the Ethics, Compliance, and Risk Management (ECRM). Our brand depends on it.

• Help to drive compliance with legal and regulatory requirements as part of technology development and deployment at EY via interfacing with technology teams and performing data protection due diligence activities around systems/technology (i.e., Data Protection/Privacy Impact Assessments (PIAs)), vendors, and business processes.
• Conducting data protection due diligence reviews of systems and technologies including Artificial Intelligence (AI) solutions in order to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements.
• Conducting business process assessments and developing and maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand the types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)).
• Managing vendor due diligence reviews to assess data protection and privacy risks and ensure appropriate contractual, security, and data handling controls are in place.
• Collaborating with various functions across the organization, such as EY’s Information Security, Technology Risk Management, Service Line Quality, Talent, and members of the business to maintain visibility over technology deployment pipelines and to design and implement Data Protection by Design controls in order to protect confidential/personal information.
• Leading and supporting cross‑functional data protection projects to strengthen operational processes and enable scalable compliance across the Americas.
• Creating reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization.
• Documenting, conducting, and assisting others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information); collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans.
• Continuously maintains and expands knowledge of field of expertise and communicates new developments and resulting impact to program stakeholders and team members.

• Strong verbal and written communication skills.
• Solid understanding of relevant firm business and area wide data protection issues and concerns.
• Strong problem‑solving skills.
• Flexibility and the ability to take the initiative.
• Ability to right‑size risk.
• Strong research skills.
• Strong project management skills; ability to successfully handle multiple tasks.
• Good working knowledge of information systems and common software packages.
• Bachelor’s degree or equivalent work experience;
  Graduate degree or Juris Doctorate preferred.
• 5+ years of related experience.

• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions.
• Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk‑management initiatives outside of their…