Senior. Privacy Officer
The Ohio State University is seeking to hire a Senior Privacy Officer to work in partnership with the Chief Privacy Officer (CPO) and the privacy team to build on the existing body of privacy work to establish, implement, mature and administer a comprehensive privacy program for the university.
The Senior Privacy Officer is a leader who operates with a high-degree of autonomy across the university and medical center to provide thought leadership, articulate privacy requirements, drive privacy projects, and lead teams on a broad-range of existing and emerging privacy topics.
The Senior Privacy Officer will report to the CPO with a further accountability to the Chief Information Security Officer (CISO) and the Chief Compliance Officer (CCO).
The Senior Privacy Officer will be responsible for following:
Develop and implement the Ohio State Privacy Program across the university to address compliance requirements to a myriad of privacy regulations and best practices (HIPAA/HITECH, FERPA, GLBA, marketing rules, etc.) in conjunction with the privacy team. Use critical thinking, experience, and thought leadership to balance university data analytic strategies and individual privacy. Lead teams across the university to execute privacy impact assessments and drive privacy-by-design practices. Execute projects across the university to implement privacy best practices, new technologies, and potential university risks. Represent the privacy office and serve as a privacy expert on committees and working groups to articulate privacy requirements in large, university-wide initiatives. Continually ensure privacy policies and procedures across the university are in compliance with applicable laws and regulations. Analyze the privacy risk with supplier engagements and consult with staff to draft and edit contracts and agreements to ensure privacy compliance. Monitor privacy legislative and regulatory changes and emerging privacy best practices. Collaborate with government relations, legislators and regulators to change or comment on applicable regulations. Research, create and present privacy training, education, and awareness materials for students, faculty, staff, and visitors. Represent the university in the broader higher education and privacy communities through presentations, working groups, or other activities.
Candidates will be evaluated based on their ability to perform the responsibilities listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include:
An understanding of university mission, values, and goals and consistent application of this knowledge. Strong experience leading through influence and achieving results in the face of ambiguity while continuing to work towards a goal. An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner. Demonstrated ability to track and interpret federal and state laws related to privacy, including as relevant to managing personally identifiable information of all areas on campus (GLBA, FERPA, CIPA, HIPAA, HITECH, ORC, etc.). Ability to use expertise, experience and creative thinking to tackle and solve complex compliance matters. Expert interpersonal skills, customer service orientation, active listening skills and highly effective team leadership skills. Experience managing a broad workload and multiple simultaneous projects. Ability to form solid assumptions and make decisions and recommendations based on a diverse pool of information. Ability to evolve and stay current in knowledge of technology and industry information security and privacy areas. Knowledge of the ethics and compliance profession, theories and systems of internal control frameworks, and professional compliance and investigations standards. Ability to develop course materials and deliver content effectively to diverse populations. Self-starter, motivated, disciplined and diplomatic professional with high energy and a strong work ethic. Ability to maintain a high degree of discretion, integrity, and sensitivity to confidentiality and privacy. Develop executive level communications including presentations and proposals in support of furthering adherence to privacy program.