At Graphic Packaging International, we produce the paper cup that held your coffee this morning, the basket that transported those bottles of craft beer you enjoyed last weekend, and the microwave tray that heated your gourmet meal last night. We’re one of the largest manufacturers of paperboard and paper-based packaging for some of the world’s most recognized brands of food, beverage, foodservice, household, personal care and pet products. Headquartered in Atlanta, Georgia, we are collaborative, diverse, innovative individuals who create inspired packaging while giving back to our communities.
With over 25,000 employees working in more than 130 locations worldwide, we strive to be environmentally responsible in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry’s best to reward the talented people who make our company successful.
If this sounds like something you would like to be a part of, we’d love to hear from you.
A World of Difference. Made Possible.
Scope:
This position covers all EMEA countries in which Graphic operates. Working as part of the team, the role of the Data Privacy Specialist is to support Graphic's global privacy program, manage the day-to-day privacy responsibilities for EMEA, and assist with meeting privacy requirements for business partners and service providers. Knowing how to persuade and enable the business, while maintaining integrity, the Analyst supports business stakeholders to control risk from potential procedural or technology changes that affect privacy.
The Data Privacy Specialist supports privacy risk assessments, focused on specific business processes or applications. He or she will support the prioritization of privacy risk treatment for the organization and determine how to maintain and improve adherence to regulatory requirements and corporate policies.
Key Responsibilities and Job Functions:
* Monitor and oversee the regional privacy and confidentiality consent procedures, authorization forms, and information notices.
* Work with multidisciplinary teams, including audit and risk, compliance, HR, legal, business process owners, IT, security, and other internal stakeholders.
* Oversee and manage the DSAR process for the region.
* Support the mitigation of enterprise's specific privacy-related requirements and potential vulnerabilities.
* Communicate with other members of the Privacy Team concerning privacy issues.
* Receive and manage internal reports from business stakeholders to maintain control over all project and innovative initiatives, including change management, to ensure timely attention to privacy bottlenecks.
* Support the privacy impact assessment process, in close collaboration with business stakeholders.
* Monitor and triage group mailbox.
Compliance Monitoring
* Collaborate with and assist business units and technology areas to develop corrective action plans for identified privacy compliance issues.
* Support and update the registry of all personal data stores and processing activities.
* Work closely with the technology service teams to anticipate potential privacy problems embedding the use of emerging technologies.
* Work to integrate controls within specific HR and CRM business and IT processes.
* Assist with privacy awareness campaigns, training, and orientation for all employees — in particular, application developers, HR, and marketing.
* Work with third-party stakeholders (including business partners, suppliers, service providers, and IT product vendors) to ensure that they clearly understand and comply with privacy requirements.
Background:
* Bachelor's degree or higher in business administration, law, finance, accounting, computer science, information security, or a related discipline is required.
* The ideal candidate may have a combination of a legal or business degree with technical or computer expertise.
* Experience with GDPR compliance in the EMEA region.
* The candidate has obtained one or more of the following certifications for the relevant region(s) Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM),and/or Certified Information Privacy Technologist (CIPT), Certified Data Privacy Solutions Manager (CDPSE), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
* 3 to 5 years of experience at a multinational corporation in privacy, data protection, security, risk management, auditing, and/or compliance, preferably in the manufacturing industry, with at least the past 1 to 3 years focused on privacy.
* Familiarity and experience with cloud computing, online services, web and enterprise applications, and data analytics.
* Familiarity with technological assistance tooling, such as data discovery, data mapping, authorization, and access management, and pseudonymization technologies.
* Ability to understand business process flows and to provide recommendations for operationalizing compliance requirements.
Required Skills:
* Strong analytical and problem-resolution skills.
* Strong written and verbal communication skills, as well as the ability to work well with a diverse client base.
* Knowledge of the privacy aspects of the product development life cycle, data handling, and asset classification, and knowledge of the role of a privacy professional in ensuring that customer data is properly managed.
* Interest in privacy developments, constitutional privacy guarantees, international privacy guidelines, and principles, privacy by design, protection by default, data subject's rights, privacy accountability, and minimal disclosure.
* Ability to articulate the importance of privacy.
* Ability to maintain proper documentation, relevant records, and archives in an orderly, transparent fashion.
* Fluent in English. Fluency in other European languages is a plus.
Preferred Skills:
* Has the accessibility and ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company.
* Has good judgment, and a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.
* Sound business judgment, with the ability to think strategically and give practical advice by balancing business needs with legal risks.
* Knowledge of software development life cycles (SDLCs).
Offer:
* Competitive salary and benefits package.
* Opportunities for career growth and development.
* Friendly and supportive work environment.