EY Data Protection Privacy Senior Associate - Business Process Reviews 

United States, Georgia, Atlanta 

262952813

We are operating in an increasingly connected world that is changing how to manage risk. With fast-paced technology advancements, new innovations within emerging technologies, and an ever-challenging regulatory environment, it is business critical for our organization to identify not only the risks but the opportunities these present to us. As a Data Protection & Privacy Senior Associate, you will support processes within the Ethics, Compliance, and Risk Management (ECRM). Our brand depends on it. It’s all part of our long-term commitment to building a better working world and in return, you can expect plenty of opportunities to take on new responsibilities and develop your career.

Your key responsibilities

As part of the EY Americas Data Protection (Confidentiality, Data Privacy) function, you will maintain visibility over and perform data protection due diligence activities around business processes and processing activities (i.e., Activity Privacy Impact Assessments (APIAs)). You will help to interpret data protection and privacy laws and policies, determine required actions to standard and non-standard situations, and make recommendations based on firm guidance, professional standards, subject matter expertise, and acquired experience.

Skills and attributes for success

• Supports the Compliance function of the Data Protection program as needed, including but not limited to:

• • Conducting data protection due diligence reviews of business processes and data processing activities in order to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements,
  • Developing procedures operationalizing data protection compliance measures, and monitoring and assessing adherence to implemented controls,

• Collaborating with various functions within the organization, such as Talent, Finance, Service Line Quality, and business teams to maintain visibility over evolving and new processing activities and bake in Data Protection compliance measures as appropriate, and
• Creating reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization;
• Assists the Data Risk Management function of the Data Protection program as needed, including but not limited to:

• • Documenting, conducting, and assisting others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information); collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans, and
  • Developing and maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)).

• Continuously maintains and expands knowledge of field of expertise and communicates new developments and resulting impact to program stakeholders and team members; and
• Participates in various ad-hoc Data Protection and Privacy projects, as needs develop.

To qualify for the role, you must have

• Strong verbal and written communication skills
• Solid understanding of relevant firm business and area wide data protection issues and concerns
• Strong problem-solving skills
• Flexibility and the ability to take the initiative
• Ability to right-size risk
• Strong research skills
• Strong project management skills; ability to successfully handle multiple tasks
• Good working knowledge of information systems and common software packages
• Bachelor’s degree or equivalent work experience; Graduate degree or Juris Doctorate preferred
• 1-4 plus years related experience

Ideally, you’ll have

• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions
• Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk management initiatives outside of their specific area
• Sound understanding of high-level technology trends and issues surrounding data protection
• Privacy certification from ISACA or the International Association of Privacy Professionals (e.g., CIPP, CIPM, CDPSE, AIGP)

What we look for

We’re interested in people that will be able to right-size risk and recommend creative solutions to complex problems, as well as make significant contributions to complex Risk Management projects.

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, both pension and 401(k) plans, a minimum of 18 days of paid time off with additional time based on your level and years of service plus 12 observed holidays, and a range of programs and benefits designed to support your physical, financial and social well-being.