Privacy and Customer Trust Program Manager

About the Role

Abnormal Security is looking for a Privacy and Customer Trust Program Manager to join the Security & Privacy team. The Security & Privacy team owns the information and cybersecurity program for the company, including Security Operations, GRC, Privacy, and Customer Trust.

This role will own the design and execution of the Privacy program, drive the adoption of privacy best practices across Abnormal Security, and establish compliance with global laws and regulations related to privacy. In partnership with the Director GRC this role will also drive the design and execution of the Customer Trust program operations, including knowledge management, developing content, and supporting the sales cycle.

The ideal candidate will have the desire and ability to roll up their sleeves as a player-coach, centered mindset around privacy-by-design with a keen attention-to-detail, excellent communication skills, strong collaboration and business sense, and an adept awareness of our customers’ requirements of Abnormal as a leading cybersecurity SaaS provider.

Who you are

• Strong oral and written communication skills along with presentation skills; the ability to quickly build rapport with internal and external stakeholders including auditors.
• Team player, collaborative work style.
• High attention to detail, process, and organization.
• Outstanding analytical and communication (written and verbal) skills and exercises good business judgment.
• Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences.
• Results-oriented, values collaboration, self-motivated, and willing to adapt to change in a fast-moving environment.
• Strong project management skills to ensure accountability and results.
• Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
• Operate within an agile environment, and provide leadership to adapt to dynamics in technology, industry, cyber threats, and our own business.
• Ability to take unpopular positions when necessary, influence others to support these decisions, and maintain trust and credibility.
• Ability to handle sensitive information with discretion and tact.
• Ability to make good judgements regarding data privacy risks and to prioritize resources and activity around managing those risks.
• Ability to work with technical engineering and product teams in applying privacy-by-design principles.

What you will do

Privacy and Customer Trust Program Management

• Keep abreast of regulatory and industry developments applicable to privacy and advise the GRC Director and other management on the potential impact on the organization.
• Define the privacy strategy and ensure the selection of controls is consistent with the strategy.
• Implement, manage, optimize, and mature the Privacy program to help to drive industry-leading privacy practices, required change across the organization, and compliance with applicable regulations.
• Implement, manage, optimize, and mature the Customer Trust program to support the security, privacy, and compliance activities related to the sales cycle.
• Lead the ongoing development, implementation, and maintenance of policies, procedures, standards, guidelines, and controls that protect personal information and support the Privacy program and Customer Trust program operations.
• Collaboratively define, manage, and drive cross functional programs and technologies that enable teams across Abnormal Security to deliver our products and operate our business with privacy by design.
• Scope, manage, and drive to completion the end-to-end delivery of privacy and customer trust projects with cross-functional stakeholders with excellent project management skills.
• Monitor and report on the effectiveness and maturity of Privacy and Customer Trust programs to the Director GRC, CISO, and other management.

Privacy Risk Management and Compliance

• Design and implement an integrated risk management approach that applies operating controls to manage privacy risk and aligns with the Enterprise Risk Management program.
• Conduct regular privacy risk and impact assessments and work with relevant departments to identify, evaluate, mitigate, and monitor privacy risks across the organization.
• Provide leadership on where to target our privacy risk mitigation efforts, liaise with key stakeholders to ensure appropriate risk mitigation measures have been taken in response to identified privacy risk, and track remediation to resolution.
• Align with the Compliance program and control owners to enhance and assess privacy controls, including assisting with the coordination of external audits.
• Partner with the Compliance program to ensure personnel and third-party compliance with information privacy requirements, and compliance with customer contractual obligations related to privacy.

Privacy and Customer Trust Education and Awareness

• Evangelize a culture of privacy throughout Abnormal through education, trust, and empathy; perform outreach across the company to promote awareness.
• Oversee the privacy training, awareness, and mentorship of personnel, including developing customized programs and materials for specific teams.
• Create and maintain internal self-service resources for privacy and customer trust.
• Partner with stakeholder teams to develop external-facing and consumer-friendly content and communications related to security, privacy, and compliance.

Privacy and Customer Trust Operations

• Develop supporting processes to intake and respond to internal and external privacy and customer trust requests/questions.
• Triage, analyze, and conduct investigations on incidents reported to the privacy office to ensure appropriate response and escalation; support data incident response and data breach notification procedures.
• Maintain required privacy records and documentation such as records of data processing.
• Own and manage the Trust Portal configuration, content, and operations; own and manage other systems that support privacy and customer trust.

Must Haves

• 5+ years of experience in privacy or related technical disciplines such as information security, compliance, or technical risk management.
• Bachelor’s degree, equivalent work experience, or equivalent military experience with at least 5 years of Risk Assurance/Compliance, Privacy, and/or Information Security experience.
• Privacy protection related experience with solid background knowledge of enterprise security industry and technology.
• Experience developing internal policies and procedures, training programs and communications.
• Strong understanding of risk management and ability to effectively communicate privacy risk to executives.
• Demonstrated track record of successfully developing and maturing security, privacy, or compliance programs with an emphasis on delivering results through efficient process design, optimization, and project management.
• Experience in operations related to privacy, customer trust, or compliance.
• Understanding of software development processes and cloud computing services, and the privacy challenges of each.
• Experience with coordinating and/or managing SOC 2 and/or ISO audits.
• Familiarity with privacy, customer trust, and GRC tools.
• Understanding of statutes, regulations and guidance related to data privacy and consumer communications and marketing, including GDPR, CCPA, HIPAA, TCPA and CAN-SPAM, and working knowledge of data privacy regulatory trends.
• Participated in GDPR, CCPA, ISO27001, ISO27701, or SOC 2 Privacy Trust Services Criteria initiatives and related work is preferred.
• Proficiency in PIA/DPIA methodologies, presided over or participated in privacy by design work is preferred.

Nice to Have

• Experience at a technology or SaaS / Cloud and/or with a regulated public company and/or at a Big 4 firm.
• Prefer a degree in information assurance, computer science, information security, or business.
• Professional certifications (CIPP, CIPM, CISA, PMP or others related to privacy, security, or project management) are a plus.

#LI-JB1