Privacy Risk Controls Lead
Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
What you will be doing
Reporting to the Privacy Program Manager (the “Program Manager”), the Privacy Risk Controls Analyst assists the Program Manager in leading the development, implementation and monitoring of the privacy program to align with corporate strategy and to meet state/federal/international regulatory requirements. This position formulates recommendations for mitigation of enterprise privacy risks and promotes a culture of Privacy By Design.
PRIMARY DUTIES AND RESPONSIBILITIES:
· Lead complex regulatory privacy risk assessments and control audits based on the requirements of the Global Privacy Operations team to ensure compliance with the corporate privacy policies, standards and/or federal/state/international privacy requirements. Coordinate efforts with Global Privacy Operations and Information Security Office as appropriate.
· Provide recommendations to the Privacy Program Manager and others, including senior leadership, based on the privacy risk review to mitigate identified privacy risks. Ensure implementation of changes and recommendations as appropriate.
· Lead the development, implementation and maintenance of the privacy risk register, internal policies, standards and procedures to ensure enterprise compliance with federal/state/international privacy requirements at the direction of the Program Manager.
· Lead the maintenance of external facing (i.e., patient/customer) Privacy Notices and Policies.
· Conduct reviews, analysis and research on current, proposed, and newly adopted privacy laws and regulations to advise management on the impact to the business. Monitor, identify, interpret and map privacy regulatory requirement changes and their impact across the enterprise.
· Lead projects to develop new or modified business processes to ensure compliance with newly adopted privacy laws and regulations.
· Review and consult on complex enterprise initiatives to determine compliant data use, permissible data sharing, and minimum necessary access requirements to ensure compliance with state/federal/international privacy requirements, including HIPAA, GDPR, CCPA, etc.
· Collaborate with the Information Security team on remediation tracking and monitoring, and Cencora Legal to coordinate necessary privacy contracting.
· Conduct due diligence, review and ongoing monitoring of high-risk vendors that will send or receive personal information to identify and mitigate privacy risks. Partner with the vendor and the Business Unit to mitigate known privacy risks.
· Lead the development/identification of, and (may) facilitate, enterprise-wide privacy training as well as specialized training for strategic Business Units or functions.
· Assist the Privacy Operations Analyst in handling of escalated privacy incidents, including determining necessary patient/customer and third-party notification, identifying root cause, and working with the business to implement new controls. Support incident management and response procedures.
· Lead and/or assist the Program Manager, Privacy Operations Analyst, Business Unit Privacy Liaisons and other team members in the research and resolution of privacy consultation requests.
· Be a reliable subject matter resource on privacy regulations (HIPAA, GDPR, CCPA, etc.) as well as emerging data privacy topics at large.
· Partner with product management and additional stakeholders; familiarity with the SCRUM process.
· Perform related duties as assigned.
EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
BA or BS in Business or related field (i.e., Information Technology/Privacy).
3 years of experience in privacy compliance within a federally regulated industry with international business operations.
Certified Information Privacy Professional (CIPP-US) certification and/or legal experience in privacy.
Experience/familiarity with OneTrust, Navex.
MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS:
· Strong knowledge of and experience in interpreting federal/state/international and industry privacy laws, regulations and legal opinions, and in providing guidance on identifying, interpreting and applying regulatory-related issues and activities to business practices.
· Demonstrated strategic planning and leadership skills; ability to motivate and influence company associates at all levels across the organization to comply with regulatory standards.
· Excellent analytical, problem solving and negotiating skills. Ability to effectively present information and respond to questions from groups of managers, employees and Business Unit Privacy Liaisons.
· Ability to work effectively and efficiently in pressure situations and demonstrate a high level of flexibility in a rapidly changing environment while handling complex assignments simultaneously.
· Ability to work independently with strong, strategic planning and organizational skills; self-motivated and directed, adaptable, team focused and detail oriented.
· Strong knowledge of project management techniques, best practice reengineering knowledge and experience for compliance processes.
· Demonstrated success in meeting Business Unit requirements in a fast paced, multi-faceted, highly regulated and diverse environment.
· Demonstrated experience in writing, communication and presentation skills.
· Personal computer skills to include competency with Microsoft Office Word, Excel, PowerPoint, Outlook, and Smartsheet.
· Ability to extract and massage data from varying compliance systems/databases for reporting purposes.
· Comfortable working in a matrix organization with tolerance for ambiguity.
· Ability to help promote a culture of diversity and inclusion within Global Privacy Operations and the larger organization by valuing different ideas and opinions.
· Ability to work remotely and have access to high-speed internet.
The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:
The noise level in the work environment is generally quiet.
PHYSICAL AND MENTAL REQUIREMENTS:
The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:
Sedentary physical activity requiring reaching, sifting, lifting, finger dexterity, grasping, feeling, repetitive motions, talking and hearing. Visual requirement is for close vision, distance vision, peripheral vision and ability to adjust focus. 25% or more time is spent looking directly at a computer. Associate is frequently required to stand, walk (or otherwise be mobile). Ability to deal with stressful situations as they arise.
What your background should look like
What Cencora offers
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave.
To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.
For details, visit https://www.virtualfairhub.com/amerisourcebergen
*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.
Affiliated Companies: AmerisourceBergen Services Corporation
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.