Manager Data Privacy and Compliance

Posted Date: Aug-16-2017

Job ID: 8614

Job Type: Full Time

Job Function: Legal

City: Bellevue

State: Washington


What's cool about this job

Do you have experience building and leading Data Privacy and Compliance teams? Do you also enjoy working in a fast-paced retail environment driven by the most advanced security and business delivery technologies? If you said yes to each of the questions above, then we have an opportunity for you.
 
The Manager of Data Privacy and Compliance is responsible for managing both the staff and processes for: developing and implementing governance programs across the enterprise; building and testing processes that ensure REI meets both internal and external compliance requirements; and managing the team and collaborating with leaders in all areas to evaluate risk, develop strategies and promote a culture of continuous compliance.

  • Leads and manages compliance initiatives.
  • Leads, manages and develops risk, compliance and privacy team.
  • Provides compliance and regulatory oversight and direction to REI.
  • Continues the development and maturity of the following programs:
    • Vendor Management
    • Data Privacy
    • Awareness training
    • Regulatory Compliance (PCI, HIPAA, State and Federal… etc.)
    • Security Metrics
  • Manages information security audits.
  • Relationship manager between Information Security and business owners of the compliance programs.
  • Relationship manager between regulatory compliance audits and the IT organization.
  • Ability to influence peers in a matrixed IT environment to prioritize security and compliance initiatives.
  • Revises and develops information security and data privacy policies, standards and procedures to maintain contractual, regulatory and statutory compliance.
  • Accountable for monitoring compliance against policies and standards by conducting assessments, such as Privacy Impact Assessments (PIA), risk assessments, etc., and providing appropriate metrics.

Bring your passion and expertise

Requirements:
  • 10+ years of relevant IT experience.
  • 5 years’ combined experience focusing on IT Controls, PCI and awareness training.
  • Must have the appropriate certifications in project management, data privacy and information security, such as PMP, IAPP, CISSP and CISA.
  • 5 years’ experience managing compliance remediations across an enterprise.
  • 5 years’ experience developing and maintaining expertise in Federal and State laws, rules and regulations related to security and privacy including but not limited to HIPAA, CAN-SPAM, FTC actions and Payment Card Industry Data Security Standards (PCI-DSS).
  • 5 years’ experience developing and maintaining an information security and data privacy awareness training program.
  • 5 years’ experience developing and maintaining vendor compliance programs (Preferred).
  • 5 years’ experience developing and maintaining a data privacy program.
  • Demonstrated knowledge of recognized IT process and quality frameworks such as COBIT, ITIL, CMM, and ISO.
  • Demonstrated knowledge translating regulation and compliance requirements into technical solutions.
  • Demonstrated ability to translate regulation and compliance requirements into business values.

Why you'll love it here

REI’s Enterprise Information Security Program is one of the most highly sought teams to join at REI. We are a highly collaborative group that leverages advanced technologies to do our jobs. And, we have the support and confidence of REI’s leadership team to take on and mitigate cyber security threats. If you have a passion for the outdoors, and want to be part of a dynamic and innovative cyber security program, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoption assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.