Sr. Manager, Privacy & Data Compliance
Posted Date:
Jan 31, 2025
Requisition Number:
124284
Location: Hershey, PA
Job location: Remote-flexible with strong preference to northeast U.S. candidates.
Reports to: Sr. Director AGC Salty Snacks, Privacy, Security & Risk
Summary of Role:
This role is a key provider of advice and guidance on the company's privacy and data programs, serving as the primary resource on questions regarding compliance with applicable U.S. law (e.g., California Consumer protection Act (CCPA)), foreign law (e.g., General Data Protection Regulation (GDPR)) and other laws and similar requirements on a global basis. Role is responsible for developing, implementing and maintaining the company's data privacy program, ensuring compliance with all relevant privacy laws by conducting appropriate risk assessments, overseeing data subject access requests, investigating privacy incidents, and providing guidance to key stakeholders across the company to protect sensitive information and update privacy standards.
Role Responsibilities:
Data Governance & Data Subject Access requests:
- Handle privacy and data protection-related inquiries from groups across the company and provide actionable advice and counsel to facilitate privacy and data protection compliance.
- Manage the process for handling data subject access requests, including verification of identity, providing access to personal data, and addressing concerns.
Privacy Policy Development & Implementation:
- Assist in the creation, review, updating and implementation of comprehensive privacy policies and procedures aligned with applicable privacy laws.
- Assist in the creation, maintenance and implementation of processes, data inventories and records of processing, and associated documentation relating to processing of data.
Risk Assessment, Mitigation & Compliance:
- Conduct regular privacy risk assessments to identify potential privacy vulnerabilities, prioritize risks, and develop mitigation strategies.
- Investigate privacy incidents, including data breaches, and implement appropriate remediation actions in accordance with legal requirements.
- Conduct periodic privacy compliance audits to assess adherence to established policies and procedures, identify areas for improvement, and report findings.
- Stay informed about evolving privacy regulations and ensure the company's privacy program remains compliant with new laws and interpretations.
- Review and assess third-party vendor contracts to ensure compliance with data privacy requirements and appropriate data protection measures.
Privacy Engagement & Training:
- Collaborate with different departments within the company to educate employees on data privacy practices, provide guidance on data handling procedures and address privacy concerns.
- Conduct / design, in conjunction with cross-functional teams, awareness and training efforts as needed or required to increase employee understanding of company privacy policies, data handling practices and procedures, and legal obligations.
- Educate others about and help to implement various requirements driven by privacy and data protection laws, standards and best practices, such as CCPA, GDPR, and self-regulatory organizations such as DAA and NAI.
Desired Knowledge, Skills & Abilities:
- Experience with conducting privacy impact assessments and advising on applicable legal requirements.
- Experience with creating, maintaining and implementing programs for data, data protection, and data governance.
- Demonstrated experience with the legal, regulatory and technical issues related to the ad tech industry and emerging technologies or privacy issues including IoT, AI and biometrics.
- Excellent communication and verbal skills to effectively convey complex privacy concepts to diverse audiences.
- Ability to analyze data, identify trends and interpret privacy risks.
- Experience developing, managing and implementing privacy/data management/data protection programs for a publicly traded company, and/or experience advising a publicly traded company in the development and management of these programs on a global basis.
- Proven ability to manage complex projects and work cross-functionally with various departments.
- Thorough understanding of data privacy laws and regulations, including CCPA, GDPR, etc.
- Strong project management skills to oversee privacy initiatives and ensure timely completion of tasks.
- Demonstrated transactional experience, including drafting and negotiating privacy and data protection terms and agreements, data processing, usage, and/or transfer agreements.
- Familiarity with information security practices.
Requirements:
- Education: Bachelor's degree in Business, Information Technology, Risk Management, or a related field. Advanced certifications in privacy or data governance are a plus.
- Experience: Minimum of 7-10 years of experience in privacy, data governance or related fields, with demonstrated experience in effective interactions with senior leaders and effectively leading a team, demonstrated success in privacy/data security governance, and consistent ability to build relationships and leverage partners and advisors.