The University of Southern California (USC) Office of Culture, Ethics and Compliance (OCEC) is seeking an experienced Director, Privacy Compliance to provide the strategic leadership, oversight and vision to build, enhance and sustain a comprehensive, university-wide privacy program, ensuring campus-wide compliance with all applicable privacy laws and regulations. Reporting directly to the Associate Vice President, Institutional Compliance, the Director, Privacy Compliance will develop, coordinate, and oversee data privacy and compliance programs, frameworks, and governance structures for the University, partner with key stakeholders to implement privacy compliance efforts and programs, and design and integrate communications strategies for privacy compliance information and training regarding university privacy policies, data-handling policies and procedures, and legal obligations.
Job Accountabilities:
- Provide the strategic leadership, oversight, and vision to build, enhance and sustain a comprehensive university-wide data privacy program. Develop and implement a continuous, comprehensive review process to assess existing university data privacy policies and procedures and to ensure efficacy, to identify and remediate performance gaps, and to ensure alignment with applicable laws and regulations. Develop and implement short- and long-term planning for the university-wide data privacy program, outlining recommended enhancements and prioritizing steps to continuously improve the university-wide data privacy program, governance structure, and frameworks. Develop and coordinate ongoing privacy compliance-monitoring activities and risk assessments to optimize the security posture of the university.
- Partner with key stakeholders to implement privacy compliance efforts and programs. Collaborate with information security to ensure operational alignment between security and privacy compliance programs. Partner with stakeholders to identify, document, and mitigate privacy risks arising from key business activities (e.g., clinical, research, records retention, billing and contracting). Lead and participate in privacy-related university committees to support privacy-related initiatives, address and evaluate emerging risks, and serve as an expert resource. Review and advise on legal agreements regarding the collection, protection, transfer, and use of regulated and/or sensitive data, offering guidance on methods to minimize privacy compliance risk. In partnership with audit services, review prior privacy-related audit results and recommendations and confirm any implemented remedial measures to close out the prior findings are still in place, effective, and sustainable.
- Manage privacy incidents and breach notifications required by federal and state law, serving as liaison with federal and state oversight agencies. Perform timely investigations in partnership with appropriate university investigative offices ensuring resolution for all privacy-related matters received. Assess metrics and leverage analytics to improve and enhance processes.
- Design and integrate communications strategies for privacy compliance information and training regarding university privacy policies, data-handling policies and procedures, and legal obligations. Support a mechanism for timely responses to privacy-related inquiries. Develop strategic role-specific privacy training course content for target audience(s) and ensure that privacy-related training for USC faculty and staff is inventoried, documented, and supported by a consistent and effective program.
- Maintain current and operational knowledge of applicable federal and state privacy laws in a research university environment. Promote an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions that uphold the principles of USC's unifying values and Integrity and Accountability Code.
The university reserves the right to add or change duties at any time.
Preferred Qualifications:
- Master's degree or J.D.
- Ten years of progressively responsible experience addressing privacy issues, or complex issues within a similar field.
- Experience in higher education and/or healthcare industries.
- Professional privacy specialist certification (e.g., CIPP, CIPM, CIPT, and/or FIP).
In addition, the successful candidate must also demonstrate, through ideas, words and actions, a strong commitment to USC's Unifying Core Values: integrity, excellence, diversity, equity and inclusion, well-being, open communication and accountability.
The annual base salary range for this position is $186,708.56 - $205,000.00. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.
The University of Southern California is an Equal Opportunity Employer
Minimum Requirements:
Minimum Education: Bachelor's degree
Minimum Experience: 7 years
Minimum Field of Expertise: Knowledge and operational experience with global privacy and data-protection compliance programs. Extensive experience and skill conducting investigations, writing policies and guidance documents supporting various business activities, and interacting with internal and external auditors. Knowledge of relevant federal, state and local regulations and laws, as well as ethical practices and policies (HIPAA, FERPA, PCI, etc.). Demonstrated communication skills and cultural awareness, and a record of leadership and collaborative efforts with diverse groups and stakeholders.