From the beginning, our goal was to establish an advisory firm that stands apart from the rest – one that is grounded in our Core Values and dedicated to creating a positive experience not just for our clients, but for our people too. We firmly believe in the strength of collaboration, enthusiasm, generosity, and perseverance as the driving forces behind our success. With advisory solutions spanning accounting and risk, technology-enabled transformation, and transactions, we partner with our clients to solve today’s challenges and deliver present and future value.
Our commitment to our people has earned us numerous awards including Inc5000's Fastest Growing Companies and Glassdoor's Best Places to Work. Explore what our employees have to say about our unique culture by clicking here.
CrossCountry is looking to hire a Privacy & Third-Party Risk Program Senior Manager to create and mature the Firm’s privacy program to maintain current and future regulatory requirements ensuring our privacy compliance posture.
The Privacy & Third-Party Risk Program Senior Manager will work closely with stakeholders (e.g., DPO, CISO, VP of CTS, Cybersecurity and Technology Lead, Senior Legal Counsel, and Executive Leadership Team) and must have the skill set necessary to manage the privacy program through every stage of its lifecycle, as well as proactively identify ways to mature over time. This individual will also be responsible for identifying privacy requirements for the Firm, managing risks arising from the collection and use of personal data, maintaining policies and procedures, and facilitating a privacy-focused culture within CrossCountry.
Responsibilities:
Data Privacy:
Create and manage CrossCountry’s privacy management program.
Partner with the Firm’s Cybersecurity and Technology team to define a data management framework, policies, and procedures that supports CrossCountry’s privacy vision.
Monitor and track existing, updated, and new requirements of both global and domestic privacy and data protection regulations (e.g., GDPR, CPRA) and their applicability to CrossCountry.
Create, update, and maintain CrossCountry’s internal privacy policies and external privacy notices/statements.
Lead and coordinate Privacy Risk Assessments, Privacy Impact Assessments (PIA), and Data Protection Impact Assessments (DPIA) as required.
Collaborate with the Firm’s Data Protection Officer (DPO), Senior Legal Counsel, Cybersecurity and other relevant stakeholders to communicate and escalate privacy questions and issues as needed (e.g., breach notifications).
Own, manage, and improve privacy and data protection processes and record keeping such as Records of Processing Activities (ROPA).
Develop workflows and procedures for key privacy processes (e.g., retention and destruction, minimization).
Respond to and manage time-sensitive Data Subject Requests (DSRs) and other privacy inquiries.
Plan and execute privacy audits to evaluate the effectiveness and maturity of the privacy program and facilitate remediation actions.
Develop a data privacy reporting dashboard with recommended key metrics (e.g., KPIs).
Serve as liaison and primary point of contact within CrossCountry and externally on privacy and data protection matters.
Deliver privacy and data protection training and awareness for the entire Firm.
Third-Party Risk:
Establish and maintain CrossCountry’s third-party risk management program framework that aligns with relevant laws, regulations, and standards.
Partner with key departments such as legal, corporate technology solutions, and information security.
Identify and categorize third-party risks based on business activities and data handling.
Conduct thorough due diligence on vendors, including risk-based assessments.
Map risks to business activities and classify vendors accordingly.
Develop and enforce policies for acquiring and engaging third-party services.
Ensure privacy and security are integrated into the vendor approval process.
Perform continuous monitoring of third-party relationships and risk exposures.
Conduct regular assessments and audits to ensure compliance and performance.
Assist in privacy contractual review and ongoing monitoring for clients and/or third-party agreements.
Other:
Respond to and manage time-sensitive requests from the practice (e.g., Data Privacy Reviews, Questionnaires, MSAs, DPAs, etc).
Qualifications:
8+ years of experience managing or consulting on privacy, data protection, or third-party risk management programs or serving on a privacy operational role
At least one privacy certification such as CIPP/US, CIPP/EU, CIPM, CIPT, or CDPSE required
Extensive and working knowledge of global privacy and regulatory frameworks, including GDPR and CPRA
Proficiency of the components of a comprehensive privacy program, including governance, privacy principles, awareness and training, third party risk management, consent management, etc.
Experience with privacy risk assessment, audits, and privacy-related tools and applications
Ability to lead and work as part of a team
Polished verbal and written communication skills
Excellent organization, time, and project management skills
Professionalism and discretion in interacting with executives and clients
Strong attention to detail
A great sense of humor and passionate about privacy
Education:
A bachelor’s degree (or higher)
#LI-Hybrid #LI-BW1
Benefits Summary
The CrossCountry total rewards package includes comprehensive healthcare options, including medical, dental, and vision coverage; flexible spending accounts; and a 401(k) with company matching. Additionally, employees can take advantage of generous parental and maternity leave policies, technology stipends, and wellness reimbursement programs, all designed to support both professional growth and personal well-being. For detailed information about benefits at CrossCountry, please visit our dedicated benefits site: https://www.crosscountry-consulting.com/careers/benefits/.
Equal Employment Opportunity (EEO)
CrossCountry provides equal employment opportunities (EEO) to all employees and applicants for employment and believes that respect and fair treatment are critical to creating a productive and inclusive workplace.
As an equal opportunity employer, CrossCountry is fully committed to comply with all federal, state, and local laws and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability, pregnancy, genetics, sexual orientation, veteran status, gender identity or expression or any other protected characteristic. The company also complies with pay transparency and labor laws applicable to all terms and conditions of employment.
Questi cookie sono necessari per il funzionamento del sito e non possono essere disattivati nei nostri sistemi. È possibile impostare il proprio browser in modo da bloccare questi cookie, ma alcune parti del sito potrebbero non funzionare.
Sicurezza
Esperienza dell'utente
Cookie orientati al gruppo target
Questi cookie sono impostati attraverso il nostro sito web dai nostri partner pubblicitari. Possono essere utilizzati da queste aziende per profilare i vostri interessi e mostrarvi pubblicità pertinenti altrove.
Google Analytics
Google Ads
Utilizziamo i cookie
🍪
Il nostro sito web utilizza i cookie e tecnologie simili per personalizzare i contenuti, ottimizzare l'esperienza dell'utente e per indvidualizzare e valutare la pubblicità. Facendo clic su Ok o attivando un'opzione nelle impostazioni dei cookie, l'utente accetta questo.
Le migliori offerte di lavoro da remoto via e-mail
Unisciti alle oltre 5'000+ persone che ricevono notifiche settimanali sulle offerte di lavoro da remoto!