Director, Compliance & Privacy
The Nice Director of Compliance & Privacy is responsible for overseeing Nice’s data protection, privacy and regulatory compliance strategy. The role will serve as the point of contact between the company and all regulatory supervisory authorities. The position reports directly to the Chief Information Security Officer (CISO).
The Compliance Privacy Director performs a key risk management role to ensure business lines and corporate initiatives comply with applicable regional, federal and state privacy laws and regulations. S/he will apply risk, process management, and analytical skills to drive actions in support of privacy risk objectives for the impacted business function.
- Identify trends in data and new regulatory statutes to identify emerging compliance requirements
- Advise on application of privacy requirements, development of controls and monitoring, remediation and corrective action of compliance deficiencies
- Ensure appropriate process and systems are in place to handle data subject requests under GDPR and other relevant privacy regulations.
- Educate the company and employees on relevant compliance requirements.
- Ensure operating procedures are in place to investigate, resolve and manage possible data privacy breaches.
- Ensure all employees and managers involved in data processing are trained appropriately and that accurate records of compliance training are maintained. Provide risk assessment consultation on how to deal with data privacy breaches.
- Conduct a program of audits to ensure compliance and address potential issues proactively
- Maintaining records of all data processing activities conducted by the company, including the purpose of all processing activities.
- Ensure data subjects are kept informed about how their data is being used, their rights to have their personal data erased, and what measures NICE has put in place to protect their personal information.
- Review Data Processing Agreements relating to supplier or customer contractual agreements to ensure clarity by either party regarding their responsibilities and liabilities.
- Serve as the point of contact between the company and regulatory supervisory authorities
Background & Experience
- Subject matter expertise of global privacy laws and regional regulations including but not limited to; HIPAA, PCI, GDPR, GLBA, TCPA, California Consumer Privacy Act
- Minimum of eight years of relevant experience in a compliance, legal or business advisory role.
- At least five years of privacy, compliance, risk management or audit experience preferred.
- Experience working in a heavily regulated and/or audited environment
- Strong interpersonal/verbal and written language communication skills, as well as the ability to work well with a diverse, global client base
- Attention to detail and follow-up
Education & Qualification
- Bachelor’s degree desired, advanced degree (JD, MBA) preferred.
- Certification preferred but not required; Certified Information Privacy Professional (CIPP), Certified Risk Professional or Certified Regulatory Compliance Manager