Edtech.com's Summary

Drexel University is hiring an Executive Director of Privacy Program Services. The role involves leading the university's privacy and data protection program, ensuring compliance with various privacy laws, and providing guidance across university departments to safeguard personal and proprietary information.

Highlights

Lead development and implementation of privacy policies aligned with laws such as FERPA, HIPAA, GDPR, and state regulations.
Serve as Deputy Privacy Officer and oversee privacy compliance across academic and administrative units.
Manage research privacy protections for human subjects and review related contracts.
Promote a culture of Privacy by Design and conduct data protection audits and impact assessments.
Provide training, education, and advisement on privacy issues to the university community.
Supervise a team of privacy managers and analysts and collaborate on student co-op programs.
Maintain records of data processing activities and direct investigations of privacy incidents or complaints.
Minimum master's degree or equivalent experience and 8-10 years of relevant leadership in privacy and data protection.
Preferred qualifications include strong leadership, communication skills, and compliance program management experience.
Compensation ranges from $108,330 to $162,490 annually, reflecting qualifications and experience.

Executive Director of Privacy Program Services Full Description

Job Summary

The Executive Director of Privacy Program Services (EDPPS) position will serve as Deputy Privacy Officer and will be responsible for the privacy and data protection program at Drexel University. In this role, the EDPPS is responsible to promote the privacy, protection and confidentiality of restricted, proprietary, or personal information for member of the Drexel University community including but not limited to students, faculty, staff, research subjects, patients and others and ensure that Drexel complies with all data privacy and data protection laws that apply to the University’s internal and external-facing operations.

Essential Functions

Drafts, revises and implements policies and procedures to ensure compliance with applicable privacy and data protection law, regulations, rules and standards, and the University’s contractual commitments. This includes monitoring and advising the Drexel community on all issues related to the protection and confidentiality of personal data under applicable data protection laws, including, but not limited to the Family Educational Rights and Protection Act (FERPA), the Health Insurance Portability and Accountability Act (HIPA) privacy and breach notification rules, the General Data Protection Regulation (GDPR), and various state and local laws and regulations.
Provides guidance to colleges, schools and business units on all aspects of privacy and data protection. This includes liaising with colleges, schools and business units across the University in relation to the development of policies, procedures and practices.
Manages research privacy program to ensure appropriate protection of the personal information of research participants including human subjects and oversees appropriate review of contracts and other agreements.
Fosters a privacy and data protection culture within the University and helps to implement essential Fair Information Privacy Principles (FIPPs) in accordance with the University’s Privacy Plan.
Develops, implements, and monitors privacy policies and controls that foster a culture of Privacy by Design and Privacy by Default.
Assists in the development and implementation of Privacy Program monitoring and audits to ensure competent, documented data inventories, flows and compliance to address potential issues proactively. Provides advice on Data Protection Impact Assessments (DPIAs) and monitor their performance.
Educates, advises and coaches the University community on applicable privacy compliance requirements on a timely and regular basis by providing training and awareness modules and communications. Creates privacy and data protection training and awareness plans coordinated with other University units and Enterprise Learning. Monitor sand track training campaigns to completion.
Maintains comprehensive records of all data processing activities, including data flow diagrams and privacy impact assessments.
As the trusted advisor for the University community on privacy and data protection inquiries and complaints, participates in, directs investigation of and advises on containment, mitigation, reporting and resolution of security incidents and investigations, or privacy complaints and reports, as necessary.
Directs and oversees team of privacy managers and analysts and ensures regular participation in student co-op programs with Kline Law and other University colleges and schools.
Designs and directs content of the Privacy website
Provides leadership and support to various University committees, e.g., Audit Committee of the Board of Trustees, Privacy and Security Compliance Committee, Enterprise Risk Management Committee, Cybersecurity and Privacy Incident Response Team, etc.
Manages day-to-day operation of the Privacy and Data Protection Program, providing overall direction and advice for privacy and data protection compliance, including review of agreements with third parties and others for use, disclosure and processing of sensitive University information.
Collaborates with colleges, schools and administrative units to direct the preparation and maintenance of appropriate privacy and confidentiality consent and authorization forms, information notices and materials consistent with the University's practices and requirements for protection of personal information.
Maintains current knowledge of applicable international, federal and state privacy and data protection laws, regulations, rules and accreditation standards, and monitors advancements in information privacy technologies.
Additional manager assigned duties and/or projects, as required.

Required Qualifications

Minimum of master's degree or the equivalent combination of education and work experience.
- Please review the Equivalency Chart for additional information.
Minimum of 8-10 years of relevant professional experience in Privacy and/or Data Protection leadership and management role, including direct management of people.
- Experience interpreting and communicating Privacy and Data Protection requirements and laws in an effective and creative manner.
- Extensive experience with implementing and managing Privacy and Data Protection Program elements in highly regulated environment with diverse regulatory requirements, computer systems, staff, vendors and customers.

Preferred Qualifications

Strong confident, leader and motivator with a proven track record of being a resilient self-starter, who exercises sound judgment, effective collaborative strategies, and impeccable integrity.
Excellent oral and written communication skills with ability to adapt communication to audience.
Compliance Program management experience a plus.

Physical Demands

Typically sitting at a desk/table
Lifting demands ≤ 25lbs

Location

Remote

Additional Information
This position is classified as Exempt, grade O. Compensation for this grade ranges from $108,330.00 to $162,490.00 per year. Please note that the offered rate for this position typically aligns with the minimum to midrange of this grade, but it can vary based on the successful candidate’s qualifications and experience, department budget, and an internal equity review.

Applicants are encouraged to explore the Professional Staff salary structure and Compensation Guidelines & Policies for more details on Drexel’s compensation framework. For information about benefits, please review Drexel’s Benefits Brochure.

Special Instructions to the Applicant
Please make sure you upload your CV/resume and cover letter when submitting your application.

Additional Required Documents
Proof of Privacy and/or Data Protection certification - Certified Information Privacy Professional (CIPP/US or CIPP/E), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT)

A review of applicants will begin once a suitable candidate pool is identified.

#LI-Remote

Original Job Description

Job Summary

Essential Functions

Drafts, revises and implements policies and procedures to ensure compliance with applicable privacy and data protection law, regulations, rules and standards, and the University’s contractual commitments. This includes monitoring and advising the Drexel community on all issues related to the protection and confidentiality of personal data under applicable data protection laws, including, but not limited to the Family Educational Rights and Protection Act (FERPA), the Health Insurance Portability and Accountability Act (HIPA) privacy and breach notification rules, the General Data Protection Regulation (GDPR), and various state and local laws and regulations.
Provides guidance to colleges, schools and business units on all aspects of privacy and data protection. This includes liaising with colleges, schools and business units across the University in relation to the development of policies, procedures and practices.
Manages research privacy program to ensure appropriate protection of the personal information of research participants including human subjects and oversees appropriate review of contracts and other agreements.
Fosters a privacy and data protection culture within the University and helps to implement essential Fair Information Privacy Principles (FIPPs) in accordance with the University’s Privacy Plan.
Develops, implements, and monitors privacy policies and controls that foster a culture of Privacy by Design and Privacy by Default.
Assists in the development and implementation of Privacy Program monitoring and audits to ensure competent, documented data inventories, flows and compliance to address potential issues proactively. Provides advice on Data Protection Impact Assessments (DPIAs) and monitor their performance.
Educates, advises and coaches the University community on applicable privacy compliance requirements on a timely and regular basis by providing training and awareness modules and communications. Creates privacy and data protection training and awareness plans coordinated with other University units and Enterprise Learning. Monitor sand track training campaigns to completion.
Maintains comprehensive records of all data processing activities, including data flow diagrams and privacy impact assessments.
As the trusted advisor for the University community on privacy and data protection inquiries and complaints, participates in, directs investigation of and advises on containment, mitigation, reporting and resolution of security incidents and investigations, or privacy complaints and reports, as necessary.
Directs and oversees team of privacy managers and analysts and ensures regular participation in student co-op programs with Kline Law and other University colleges and schools.
Designs and directs content of the Privacy website
Provides leadership and support to various University committees, e.g., Audit Committee of the Board of Trustees, Privacy and Security Compliance Committee, Enterprise Risk Management Committee, Cybersecurity and Privacy Incident Response Team, etc.
Manages day-to-day operation of the Privacy and Data Protection Program, providing overall direction and advice for privacy and data protection compliance, including review of agreements with third parties and others for use, disclosure and processing of sensitive University information.
Collaborates with colleges, schools and administrative units to direct the preparation and maintenance of appropriate privacy and confidentiality consent and authorization forms, information notices and materials consistent with the University's practices and requirements for protection of personal information.
Maintains current knowledge of applicable international, federal and state privacy and data protection laws, regulations, rules and accreditation standards, and monitors advancements in information privacy technologies.
Additional manager assigned duties and/or projects, as required.

Required Qualifications

Minimum of master's degree or the equivalent combination of education and work experience.
- Please review the Equivalency Chart for additional information.
Minimum of 8-10 years of relevant professional experience in Privacy and/or Data Protection leadership and management role, including direct management of people.
- Experience interpreting and communicating Privacy and Data Protection requirements and laws in an effective and creative manner.
- Extensive experience with implementing and managing Privacy and Data Protection Program elements in highly regulated environment with diverse regulatory requirements, computer systems, staff, vendors and customers.

Preferred Qualifications

Strong confident, leader and motivator with a proven track record of being a resilient self-starter, who exercises sound judgment, effective collaborative strategies, and impeccable integrity.
Excellent oral and written communication skills with ability to adapt communication to audience.
Compliance Program management experience a plus.

Physical Demands

Typically sitting at a desk/table
Lifting demands ≤ 25lbs

Location

Remote

Special Instructions to the Applicant
Please make sure you upload your CV/resume and cover letter when submitting your application.

A review of applicants will begin once a suitable candidate pool is identified.

#LI-Remote

Let me find your next job.

Thanks - you're signed up.

Executive Director of Privacy Program Services

Edtech.com's Summary

Executive Director of Privacy Program Services Full Description

Director of Digital Content & In-Venue Productions

Student Case Coordinator

Interventional Technologist/UKHC

TSCA Environmental Compliance Specialist - Schofield Barracks, HI

Administrative Associate III - M&IE - Fixed Term