Systems Analyst, Global Privacy

at  Kohler

SALARY UP TO £49K (SUBJECT TO SKILLS & EXPERIENCE) PLUS A FANTASTIC BENEFITS PACKAGE INCLUDING COMPANY BONUS AND ACCESS TO OUR FLEXIBLE BENEFITS PLATFORM.

Location: Gloucester : Hybrid working – with a minimum of 3 days per week working from our office in Quedgeley, Gloucester

OPPORTUNITY

It’s an exciting time to join Kohler Co., with over 30 diverse brands in 50+ countries, we are continuing to experience significant growth and re-investment into our privately owned, $7 billion business.
Does ensuring that people’s personal data is protected according to privacy regulations sound like an interesting challenge? The Kohler Cybersecurity team is looking for a Global Privacy Analyst to design secure, and private, solutions that meet our compliance requirements. Our global privacy team seeks to work closely with our business partners to identify privacy risks, implement mitigating controls, and enable business solutions.
Our Privacy Center of Excellence (COE) team is extremely tight knit which is comprised of cybersecurity and legal resources, as well as many privacy champions within Kohler. We work together to define privacy requirements, educate the business on risks and necessary mitigations. We address regulatory requirements such as privacy impact assessments (PIAs), data protection impact assessments (DPIAs) and respond to consumer requests. We’re looking for a new teammate who is curious, motivated, and reliable; someone who will help us continue to foster the positive team culture we have cultivated.
This position will identify and analyze privacy risks across the ecosystem. You will develop strategies and plans to define and enforce privacy requirements.
Not all risks are created equal. You will use a tactical approach to increase visibility of privacy concerns to reduce those risks across the ecosystem. This includes facilitating conversations with business partners to understand data privacy risk and how we can find an acceptable solution.
We leverage the NIST Privacy Framework and have built strong foundational controls; we want to scale those controls and make the process more efficient. We can’t do it alone; you will work cross-functionally with the business, IT, and enterprise functions to identify opportunities for risk reduction and process improvements. Serving as a trusted advisor to partners in IT and the business. Strong communications skills are key, with the ability to communicate complex issues in clear non-technical language. You will be able to influence key business partners, including executive leadership and drive consensus in complex stakeholder environments with multiple conflicting priorities. Join the Kohler cybersecurity team and become an influential voice on our privacy journey!

TECHNICAL COMPETENCY REQUIREMENTS

Our team works across many privacy regulations around the world and a background specifically in Europe, China, California, India, Brazil locations is key. We also work with numerous security technologies and domains, including: Data Protection; Encryption; Access Control; Audit Logs & Maintenance; Incident Response; Cloud Security; OT & IoT technologies; and Connected products security (consumer, manufacturing).

We don’t expect you to be an expert in all of them, but we do want you to be excited to work within them! Be prepared to discuss your exposure to and proficiency with several of them, including examples of proven practical experience. Additional areas to show your expertise include:

• Understand general data privacy regulatory concepts and interpret them into business operations, business process, and technical and functional requirements.
• Experience with regulatory and compliance standards, including but not limited to: Sarbanes-Oxley, payment card industry standards, HIPAA/HITECH, global data privacy requirements, as well as state and federal regulations preferred.
• In-depth knowledge of risk assessment methods and technologies.
• Proficiency in performing risk, business impact, control and vulnerability assessments.
• Audit, compliance or governance experience is preferred.

SKILLS/REQUIREMENTS

• Bachelor’s degree or equivalent work experience.
• Minimum of three years IT, security, privacy, or related work experience.
• Experience in privacy and data protection laws.
• Professional privacy certification such as CIPP or working toward certification..

FUNCTIONAL RESPONSIBILITIES

You will have the opportunity to work with many teams across the business. Key goals are to identify, propose, and implement risk reductions and process improvements for our global privacy program. Some more specific examples include but not limited to:

• Organize key initiatives and activities related to the development and implementation of privacy standards, training, monitoring, controls, risk mitigation planning and other privacy program elements.
• Conduct privacy impact assessments of programs, systems, products, and services.
• Maintain privacy-related notices, policies, standards, guidelines, and processes.
• Capture, assess and respond to privacy-related inquiries by external and internal data subjects.
• Track, manage and fulfill Subject Access Requests, other data subject requests in automated system.
• Support the development and management of internal privacy and data protection controls.
• Maintain playbooks related to ongoing compliance with privacy and data protection laws, and related requirements.
• Analyze trends and systematic issues and prepare reports/dashboards for management.
• Manage privacy requirements for external Kohler websites.

We don’t expect you to be an expert in all of them, but we do want you to be excited to work within them! Be prepared to discuss your exposure to and proficiency with several of them, including examples of proven practical experience. Additional areas to show your expertise include:

• Understand general data privacy regulatory concepts and interpret them into business operations, business process, and technical and functional requirements.
• Experience with regulatory and compliance standards, including but not limited to: Sarbanes-Oxley, payment card industry standards, HIPAA/HITECH, global data privacy requirements, as well as state and federal regulations preferred.
• In-depth knowledge of risk assessment methods and technologies.
• Proficiency in performing risk, business impact, control and vulnerability assessments.
• Audit, compliance or governance experience is preferred