About the role
Job Posting: Data Protection and Risk Officer
Position Title: Data Protection and Risk Officer
Reporting to: EVP Organizational Performance, Culture & Strategy
Department: Operations
Job Summary
We are seeking a highly skilled and experienced Data Protection and Risk Officer to join our
team. Reporting to the EVP of Organizational Performance, Culture, and Strategy, you will
be a key member of the Operations department, which includes GRC, HR, and Program
Management teams. Your primary responsibility will be to lead our data protection and
risk management program, ensuring compliance with global regulations and best practices.
You will work closely with various teams, including Sales, HR, Engineering and
IT/DevOps/SecOps/CloudOps to advise on compliance matters, implement and monitor IT
compliance activities, and foster a culture of security and privacy throughout the
organization.
Responsibilities
- Build a strategic and comprehensive information security program that defines,
develops, maintains and implements policies and processes that enable consistent,
effective information security practices which minimize risk and ensure the
integrity, confidentiality and availability of information that is owned, controlled
and processed within Explorance
- Ensure information security policies, standards, and procedures are up-to-date
- Initiate, facilitate, and promote activities to foster information security awareness
within the organization
- Create a culture of cyber security, both with the IT organization and by driving
behavioral changes for the business
- Evaluate security trends, evolving threats, risks and vulnerabilities and apply tools
to mitigate risk as necessary
- Manage security incidents and events involving IT systems
- Ensure that the disaster recovery, business continuity, risk management and access
control needs are addressed
- Ensure compliance with the administrative, technical and physical safeguards
- Manage 3rd party security audits and penetration testing initiatives
- Serve in a leadership and functional role for security compliance
- Work closely with the internal teams to ensure alignment between security and
privacy compliance programs including policies, practices and investigations, and
act as the point of contact for the information systems and compliance
departments
- Initiate and perform periodic information security risk assessment/analysis,
mitigation and remediation. Responsible for development and implementation of
the security risk management plan
- Support the implementation of controls and perform periodic audits to ensure that
activity is appropriate. Such activity would include, but is not limited to, logons and
logoffs, file and system access
- Ensure the organization has and maintains appropriate system use and disclosure /
confidentiality and Privacy statements
- Oversee, develop and/or deliver initial and ongoing security training to the
workforce
- Initiate, facilitate and promote activities to foster information security awareness
within the organization and related entities
- Participate in the development, implementation, and ongoing compliance
monitoring of all business agreements, to ensure security concerns, requirements,
and responsibilities are addressed
- Establish and administer a process for investigating and acting on security incidents
which may result in a privacy breach.
- Partner with Human Resources and Business Process to ensure consistent sanctions for security violations
- Maintain current knowledge of applicable local, federal and international laws, as
well as certification requirements and accreditation standards.
- Serve as information security officer to all departments for all data security related
questions and issues
- Participate in 3rd party vendor risk and compliance assessment activities such as
SOC report reviews or other control assurance reports
Professional Experience/Qualifications
- Bachelor’s degree in a field related to Information Technology, Business or Risk
Management or a related IT security certification such as CISSP, CISM, CISA, CCSP
- Security industry related knowledge and credentials, such as SOC2, NIST 800-53,
ISO 27001, OWASP
- Knowledge and experience in local and federal information security laws, such as
PIPEDA, FERPA, GDPR, FedRAMP
- Understanding of risk assessment methodologies (e.g. RCSA), internal controls and
controls testing (e.g. SOC2), and industry technology risk management frameworks, as well as familiarity with SDLC and Project Management methodologies
Additional Requirements
- A high level of integrity and trust
- Demonstrated organization, facilitation, written and oral communication, and
presentation skills
- Interpersonal, influencing and negotiation skills with the ability to work effectively with all levels of the organization
- Demonstrated skills in collaboration, teamwork, and problem-solving to achieve
goals.
- Excellent writing skills
- Knowledge and direct experience with Resiliency-Disaster Recovery and Business
Continuity compliance
About Explorance
Founded in 2003, Explorance supports more than 20 million students and employees in their professional journey of purpose, growth, and impact. As the leading provider of People Insight Solutions, Explorance focuses on where people's experiences converge with talent effectiveness. By connecting the moments that matter, we bring together a unified picture of needs, expectations, skills, knowledge, and competency. By providing proven measurement expertise and decision-grade AI-enabled recommendations, we help accelerate the insight-to-action cycle, enabling organizational agility and individual success. Headquartered in Montreal with business units in Chicago, Chennai, Melbourne, Amman, and London, Explorance works with 25% of the Fortune 100 companies and the world's top Higher Education institutions. Explorance has been consistently recognized for its culture of high trust by the Great Place to Work® Institute and as a Deloitte Technology Fast 500™ organization. To learn more, please visit Explorance.com