As a Data Protection & Compliance Analyst you will lead, maintain and constantly strive to improve…
Data Protection practices at Gordon Food Service to ensure that sensitive data is properly protected.
Compliance practices at Gordon Food Service such that we have confidence in our compliance to standards such as: SOX, PCI, CCPA, PHI, etc.
Essential Functions:
Data Protection
Serve as Subject Matter Expert on all data protection strategies such as: Encryption, DLP, etc.
Collaborate with the technology services teams to define Data Classification standards
Develop and maintain an effective Data Loss Prevention (DLP) program
Implement, maintain or oversee Data Loss Prevention (DLP) tool sets
Implement, maintain or oversee technology that inventories sensitive data
Conduct Data Protection related Risk Assessments
Compliance
Identify trends in regulatory requirements and compliance enforcement, and account for the necessary changes in the compliance program
Recommend new and innovative strategies to address regulatory standards and requirements in new computing paradigms, such as: Internet of Things (IoT), cloud deployments, etc.
Develop practical and effective recommendations for improving IT controls and processes
Provide accurate, consistent, and timely assessment of IT controls and privacy compliance requirements for all Gordon Food Service Information Technology
Coordinate controls requirements with Internal Audit and Product Owners of tools that contain PII and PHI
Conduct Compliance related Risk Assessments
Execute and lead completion of key controls to ensure GFS maintains necessary compliance
Monitor the status and effectiveness of compliance controls, ensuring that key risk indicators are effectively monitored to prevent an unacceptable impact on business objectives and reputation
Assist with annual review, daily, weekly and monthly operational controls and adherence to Sarbanes-Oxley, Privacy and Payment Card Industry Data Security Standards contractual obligations for Gordon Food Service
Assist with Security and Privacy Awareness Program activities
PCI
Lead the annual PCI RoC (Report on Compliance) audit
Ensure the SAQ (Self-Assessment Questionnaires) for the GFS subsidiaries are completed annually
Ensure required PCI-DSS compliance tasks are conducted at the required interval
Maintain relationship with our QSA (Qualified Security Assessor)
Engage with project teams in scope of PCI in order to ensure PCI compliance standards are met
Privacy
Help to develop, execute, improve and scale a comprehensive privacy program strategy and help to review, enhance, and manage the day to day operation of Gordon Food Service's privacy program
Work closely with the technology services teams to anticipate potential privacy problems embedded in the use of emerging technologies
Work with Legal, Risk, Communications, Audit, HR, IT, business process owners and other internal stakeholders to ensure enterprise wide coverage of the privacy requirements
Work with third-party stakeholders (including business partners, suppliers, service providers and IT product vendors) to ensure that they clearly understand and comply with Gordon Food Service privacy requirements
Work to ensure the organization maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices
Support creation of an inventory that documents how and why Gordon Food Service collects, shares and uses personal data
Evaluate the extent to which customer and employee information is collected and shared internally and externally
Maintain an inventory of all personal data stores and processing activities
Serve as the internal advisor to the IT and information security departments to interpret privacy-policy-related questions
Ensure that data security practices — in particular, logging, monitoring and auditing practices — do not conflict with privacy requirements
Policy Management
Ensure policies are maintained and refreshed on an annual basis
Communicate the policies out to the organization
Leading candidates will have:
Three years of previous related experience required. Preferred: work experience with privacy program development and administration responsibilities.
Bachelor's degree in Business, Law, Computer Science, Information Technology, or a related field preferred.
Preference for one or more of the following certifications: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), and/or Certified Information Privacy Technologist (CIPT).
Preference for experience in auditing, consulting, legal, or program management environments, with at least 2 such years in privacy.
Understanding of IT impacts of external Industry and Governmental regulations (such as SOX, PCI, PII, HIPAA, etc.)
Ability to develop solutions to a variety of complex problems, and reference established precedents and policies.
Job ID: 81479