Data Protection and Privacy Supervising Associate - Technology Reviews

Data Protection and Privacy Supervising Associate – Technology Reviews

Ethics, Compliance, and Risk Management (ECRM) supports our people in managing the risks that arise during our daily working lives. We work closely with all parts of the organization to identify, manage, and monitor risk, providing coordinated advice and assistance on independence, conflicts, compliance, regulatory, policy, security issues, as well as dealing with claims and any queries regarding ethics.

With fast‑paced technological advancements, new innovations within emerging technologies, and an ever‑challenging regulatory environment, it is business‑critical for our organization to identify not only the risks but the opportunities these present. As a Data Protection & Privacy Supervising Associate, you will support processes within the Ethics, Compliance, and Risk Management (ECRM) to help EY meet legal and regulatory requirements around technology development and deployment.

As part of the EY Americas Data Protection function, you will help to drive compliance with legal and regulatory requirements as part of technology development and deployment at EY via interfacing with technology teams and performing data protection due diligence activities around systems/technology (i.e., Data Protection/Privacy Impact Assessments (PIAs)), vendors, and business processes.

• Conduct data protection due diligence reviews of systems and technologies including Artificial Intelligence (AI) solutions to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements.
• Conduct business process assessments and develop and maintain EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand the types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)).
• Manage vendor due diligence reviews to assess data protection and privacy risks and ensure appropriate contractual, security, and data handling controls are in place.
• Collaborate with various functions across the organization, such as EY’s Information Security, Technology Risk Management, Service Line Quality, Talent, and members of the business to maintain visibility over technology deployment pipelines and to design and implement Data Protection by Design controls in order to protect confidential/personal information.
• Lead and support cross‑functional data protection projects to strengthen operational processes and enable scalable compliance across the Americas.
• Create reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization.

• Document, conduct, and assist others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information); collaborate with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans.
• Continuously maintain and expand knowledge of the field of expertise and communicate new developments and resulting impact to program stakeholders and team members.

• Strong verbal and written communication skills.
• Solid understanding of relevant firm business and area‑wide data protection issues and concerns.
• Strong problem‑solving skills.
• Flexibility and the ability to take the initiative.
• Ability to right‑size risk.
• Strong project management skills; ability to successfully handle multiple tasks.
• Good working knowledge of information systems and common software packages.
• Bachelor’s degree or equivalent work experience;
  Graduate degree or Juris Doctorate preferred.
• 5+ years of related experience.

• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions.
• Strong knowledge of relevant global, national, and local data protection laws, regulations,…