Job Description:

Data Security, Privacy, & Compliance Manager

Application instructions for this and all current OPB employment opportunities are available at OPB's careers page.

About OPB

OPB is a leader in public media, serving diverse communities of the Northwest with fact-based, in-depth news and information about politics, the environment, science, arts, history, and cultures; business, education and more. Powered by the generous support of members, OPB seeks out a variety of voices in our communities and lifts up authentic stories of the people, places, events and issues of the region, providing context and a deeper understanding. OPB’s independent journalism and programs are available at opb.org, on OPB Radio and OPB TV. Follow us on Instagram, YouTube and Facebook.

The Opportunity

We’re recruiting a Data Security, Privacy and Compliance Manager! The right person for this role will have a solid understanding of data management concepts and tools, such as data governance, data quality, data security, data architecture, and data analytics. We’re looking for someone with knowledge of the relevant data privacy laws and regulations and how they affect different types of data and industries. Also, you should have excellent communication, leadership, and problem-solving skills, as you will need to collaborate with various teams and stakeholders and handle complex and sensitive data privacy matters. If this sounds like you, we hope you’ll apply!

Position Details

The Data Security, Privacy and Compliance Manager leads OPB’s efforts to maintain effective data security and privacy policies and practices. You will be responsible for evolving, developing and implementing data security and privacy strategies and programs, working closely with other data managers, our legal team, technology team, and business stakeholders to ensure that data collection, storage, processing, and sharing are aligned with policies and applicable laws and standards, such as the Oregon Consumer Privacy Act (OCPA). You will monitor and audit our data security and privacy performance and risks and provide guidance and training on data security and privacy best practices and issues.

You will stay updated with the changing data security and privacy landscape and regulations, balancing business needs and data security and privacy requirements, managing data security and privacy risks and response to incidents, and fostering a data security and privacy culture and awareness within the organization. Your efforts will enhance the trust and reputation of OPB, improving our member experience and loyalty, optimizing our data management processes and efficiency, and driving innovation and growth with data security and privacy as an organizational imperative.

Responsibilities

50% - Frameworks & Compliance

  • Collaborate cross-functionally to create and manage a schedule of compliance and legal requirements to ensure our compliance with relevant laws, regulations and frameworks including:

    • Oregon Consumer Privacy Act (OCPA)
    • Payment Card Industry (PCI-DSS)
    • National Institute of Standards and Technology (NIST)

Governance

  • Lead committees and activities related to data governance, security, and response.
  • Lead the documentation of OPB’s data map and create a process for auditing and maintaining it annually at minimum.
  • Coordinate and prioritize efforts in support of the governance committees and teams, and the implementation of policies. 
  • Audit and drive compliance with data collection policies, access, usage, and storage.
  • Stay updated on the latest data governance and security frameworks and laws, and recommend adaptations to data security, governance strategies and risk mitigation.
  • Anticipate, communicate, and manage data privacy issues and risks.
  • Monitor and report, including:
    • Establish performance metrics and key performance indicators (KPIs) to measure the effectiveness of OPB’s data security and privacy efforts.
    • Provide a quarterly report outlining progress, risks, and recommendations.
  • Develop and cultivate cross-functional stakeholder relationships, collaborating across teams to align business needs and cross-functional goals.
  • Be an effective communicator who can simplify complex issues and is adept at making decisions, building and maintaining productive relationships with a wide range of leaders and staff within OPB.

Policies & Procedures

  • Document and socialize OPB’s Data Governance Strategy.
  • Establish data governance policies, procedures, standards, and responsibilities.
  • Coordinate regular data security and privacy policy reviews and updates.
  • Coordinate the activities of Business Data Custodians to ensure compliance with data security and privacy policies.
  • Coordinate incident exercises/rehearsals, testing that processes and systems work as expected and recommending remediation where needed.

50% - Awareness & Training

  • Actively engage stakeholders across OPB to increase data security and privacy awareness and compliance with applicable policies, processes, and laws.
  • Collaborate with cross-functional teams to integrate security into all aspects of projects, systems, and processes.
  • Ensure implementation of security procedures and training programs for all employees to foster a culture of security awareness.
  • Recruit and train incident response team members and leaders.

Assessments

  • Collaborate with Information Security team members to conduct threat identification and vulnerability assessments.
  • Evaluate and recommend improvements to in-house tools and capabilities.
  • Determine required skills and roles for incident response and recommend in-house and third-party roles.

Response & Recovery

  • Lead OPB’s data incident response team and coordinate escalating issues to Senior Leadership Group as needed.
  • Serve as OPB’s data incident response coordinator (IRC) during active incidents.
  • Follow up on previous post-incident reviews.
  • Maintain logs and review retention policies for incident response.

Working Conditions

Typical office environment, including use of a computer during regular business hours. This position could be hybrid with at least 50% of the time onsite. There is daily contact with OPB staff and service partners. Limited travel to trainings and conferences.

Reports to: Chief of Staff

Supervisory Duties: No direct reports. Recruits, leads, and directs the work of interdisciplinary teams that include technical and nontechnical staff, consultants, and vendors.

Minimum Qualifications

  • Bachelor’s degree in data management, computer science, or a related field.  
  • 7 years’ experience in Information Security or a related field.
  • An understanding and level of expertise with compliance frameworks such as NIST, OCPA, PCI-DSS, and how they affect different types of data and industries.
  • Solid understanding of data management concepts and tools, such as data governance, data quality, data security, data architecture, and data analytics. 
  • Experience in risk management, vulnerability assessment, and security controls compliance.
  • Excellent communication, leadership, and problem-solving skills and the ability to communicate effectively across a wide range of situations, stakeholders and sensitive data privacy matters.
  • Oriented to innovation, problem solving, teamwork, systematic thinking, and the constant pursuit of improvement.
  • Demonstrated experience effectively managing complex projects, setting and accomplishing goals while managing dynamic priorities.
  • Demonstrated proficiency working with Microsoft Office products and other business systems.
  • Enthusiasm for the mission of OPB.

Preferred Qualifications

  • Certification in data privacy, such as the Certified Information Privacy Professional (CIPP), will be an advantage, as will industry certifications such as CISSP or CISM.

Additional Information

  • This position reports to the Chief of Staff and is benefits eligible.
  • The probable hiring range for this exempt position is between $87,000 - $97,000 depending on qualifications.
  • For the safety of our employees, the contractors/vendors we work with, and the public we serve, OPB has a mandatory COVID vaccination policy and all employees are required to show proof of vaccination.
  • This position has access to highly sensitive data and therefore must pass a background check.

 

Job Location: 
Portland, OR
United States
Job Category: 
Information Technology (IT)
Job Type: 
Full time
Hours Per Week: 
40.00
Send Application Materials To: 

For application instructions, please visit OPB's careers page. You will be asked to create an account, upload your cover letter and resume and answer a few position related questions. Once you click “submit” you cannot make changes to your application.

This position is open until filled.

OPB is an Equal Opportunity Employer.

Minimum Salary: 
$87,000.00
Maximum Salary: 
$97,000.00