• Data Protection Manager

    Location US-TX-Austin
    Posted Date 2 months ago(9/13/2018 9:22 AM)
  • Overview

    **This position is based in Austin, TX**


    Who you are: 

    As the Data Protection Manager, you will be responsible for coordinating across all departments on data privacy and security matters, making sure customer data is secure, data privacy and security policies are implemented and solving problems as the rapidly changing business grows in an increasingly regulated environment.  Day to day activities include being the point person on data privacy and security questions, responding to customer and business needs, and acting as liaison when necessary. 


    The Data Protection Manager is primarily responsible for (i) all ongoing activities related to the availability, integrity, confidentiality and security of Company and customer data in compliance with governing privacy and security international, federal, state and local law and regulations and with the Company’s security policies and procedures and (ii) supporting and monitoring privacy and related compliance across the Company.  This role will report to our Chief Operating Officer.


    Who we are: For over 10 years, Spiceworks has been helping the world’s businesses find, adopt, and manage the latest technologies. We’ve also been helping IT brands build, market, and sell better products and services. Millions of IT buyers and hundreds of brands later, we’ve built the platform they use to get their jobs done and make them better at what they do, every day.


    With our helpful tools, technical content, a global community of experts, and entertaining ways to blow off steam, we’ve got IT covered. And because we understand IT buyers and the businesses they represent, established brands like Microsoft, Dell, and CDW, to name a few, and the latest industry innovators including KnowBe4 and Scale Computing use our insights and technology platform to run smarter, more personalized campaigns.


    In short, we’re making IT easy – and dare we say FUN – for everyone. Best part: we’re just getting started!


    Your day-to-day: (This position does the following in accordance with all applicable Federal, State and local laws / regulations and the Company’s policies, procedures and guidelines):

    • Develops further, finalizes and distributes, in association with the Information Systems Department (IS), Systems Architecture (SA), General Counsel (Legal), and Company management, information security, cybersecurity and privacy policies and procedures for the Company.
    • Implements the Company's information security, cybersecurity and privacy policies and procedures with special attention paid to following good/best security practices.
    • Educates and conducts informal and formal training of employees on important data privacy issues and compliance efforts
    • Maintains current knowledge of applicable federal, state and international information security, cybersecurity and privacy laws and standards and, in cooperation with IS, AS and Legal, monitors advancements in information privacy and cybersecurity technologies to ensure organizational adaptation and compliance.
    • Monitors changes in accreditation standards that affect information security, cybersecurity and privacy.
    • Interfaces with data subjects regarding data requests
    • Coordinates with IS to review the electronic security and privacy systems in place including anti-virus management, firewall and internet access protections, log review, data encryption, and data loss prevention services.
    • Collaborates with and assists the business and technology areas to develop corrective action plans for potential identified information security, cybersecurity and privacy compliance issues.
    • Coordinates with IS to provide security input and advice with respect to the development, maintenance and testing of the business continuity and disaster recovery plans.
    • Manages and enforces compliance with Company information security, cybersecurity and privacy policies and procedures.
    • Provides and manages direct information security training to directors, officers, management and employees.
    • Initiates, facilitates, and promotes activities to foster information security, cybersecurity and privacy awareness.
    • Assists in any data breach responses and notifications procedures.
    • Provides guidance to Legal in the negotiation and implementation of contractual provisions to address required privacy and cybersecurity provisions from customers, third party contractors, suppliers and agencies. Reviews and implements privacy and cybersecurity policies, privacy and cybersecurity agreements, data protection and data security agreements with customers and vendors. Ensures that agreed provisions in customer contracts are implemented and complied with across the Company.
    • Monitors compliance with the Company's information security, cybersecurity and privacy policies and procedures and customer contracts among officers, management, employees, vendors/contractors, dealers, alliances and other third parties and coordinates with IS, Compliance, Legal and Company management, to ensure corrective actions are identified and taken.
    • Performs information security, cybersecurity and privacy risk analyses/prevention and assessment. Develops an on-going security risk assessment program and methodology in conjunction with the Company’s business units targeting information security, cybersecurity, data protection and privacy.
    • Assist in the development and review of online creative content to comply with applicable regulatory requirements (including without limitation information security, cybersecurity, data protection and privacy and CAN-SPAM requirements), as well as with the Company’s internal policies.
    • Reports to Legal and Company management on the status of data control assessments and findings as appropriate.
    • Responds to customer inquiries and audit findings/recommendations. Suggests appropriate remediation/recommendation controls as deemed necessary.
    • Monitors advancements in information security, cybersecurity and privacy technologies.
    • Serves as the Company’s Subject Matter Expert (SME) in recommending and implementing best/good practices to respond to and remediate identified security incidents and/or vulnerabilities.


    What does it take to do this job?

    • Six year post-secondary education in computers or equivalent work experience.
    • A minimum of one of the following industry certifications is required: CISA, CISSP, CISM, CIPP and/or DPO.
    • Deep knowledge of data protection and privacy laws and practices, including GDPR, as well as customary contractual requirement.
    • Familiarity with the IAB Framework and Google privacy policies.
    • Minimum of four years’ experience specifically in an information security-related role.
    • Prior experience working in online advertising preferred.
    • Strong understanding of information security principles, architecture and methodologies including risk assessment.
    • Proven experience developing security, data privacy and information risk assessment programs.
    • Knowledge of ISO 27001/27002 security and privacy compliance frameworks.
    • Solid understanding of information security audit methodologies.
    • Strong ethical integrity with the ability to handle confidential information, remain impartial and report all incidences of noncompliance.
    • Flexible, autonomous team player able to work independently with little guidance or as a team contributor in a fast-paced, deadline-driven environment.
    • Excellent written and verbal communication skills.
    • Strong attention to detail.

    Intelligent, articulate and persuasive leader who can interact effectively with managers, employees, attorneys, vendors, dealers and customers.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.