As the job of privacy moves beyond law, policy, and compliance and into operations and the actualization of information technology, organizations have begun training, hiring, and generally seeking out "privacy engineers" to fill the gap left between policy and implementation. The job title has been around since at least 2001, but there remain few with that title active in the workforce and this year marks the IAPP's launch of a new Privacy Engineering Section to recognize and support the sizable growth of the IT and privacy engineering fields within our member community.
In light of this, the IAPP — with help from the Privacy Engineering Advisory Board — has cobbled together a sample job description by combining and modifying those available online so as to help organizations fill this important role, whether from outside or within.
What did we miss? What needs changing? Send Emily Leach an email with your suggestions, and we’ll revise the description as time and innovation revise the job.
Tasks and Responsibilities:
- Develop and implement solutions to ensure privacy policies are correctly implemented. The implementations should advance compliance with legal forms of data use as well as support business use of data.
- Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs.
- Collaborate with data product development teams creating new uses of data that employ privacy features.
- Interacting with internal privacy program managers, product development teams, legal, compliance, governance and data protection teams.
- Analyze, design and program software enhancements for new data streams with a goal of developing technical solutions and systems to help mitigate privacy vulnerabilities and prevent potential future privacy risks.
- Responsible for assisting with the management of the data privacy, data protection, data usability, performance and the integrity of the privacy solution.
- Using current programming language and technologies, creates a solid design, writes code, completes programming, and performs testing and debugging of applications as well as completes documentation and procedures for installation and maintenance.
- Interact with users to define system requirements and/or necessary modifications to new or existing software.
- Interface with other developers and architects in implementing big data solutions that enable the business to be data driven while protecting the data assets.
- Interface with usability team to ensure user-facing privacy controls are usable
- Use data anonymization, pseudonimization and encryption to develop systems that preserve and improve privacy protections.
- Guide the development of new privacy products and features.
- Identify areas of improvement in local practices relative to managing data privacy.
- Performs regular privacy assessments of operational processes, identifying, and mitigating risks across the company through effective tools, training and guidance
- Communicates program progress, escalations, and issue analysis to key stakeholders
- Acts as key interface to data science and analytics communities both within and outside of the organization
Knowledge and Skills:
- Excellent analytical and problem solving skills.
- Excellent communication skills (verbal and written), ability to influence without authority.
- Ability to balance risks in ambiguous and complex situations.
- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams.
- Highly motivated to contribute and grow within a complex area of emerging importance.
- Experience or understanding of software applications design tools and languages
- Understanding of design for software applications running on multiple platforms.
- Understanding of testing, coding and debugging procedures.
- Demonstrated working knowledge of software engineering fundamentals.
- Competent in the interpretation of numeric data, an understanding of statistical principles.
- Data literacy: finding and managing data, cleansing data, manipulating data.
- Ability to perform operations on large datasets
- BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.
- CIPT certification
- Strong software development skills.
- Excellent communication and presentation skills and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels
- 5 years' experience in privacy / data protection or a graduate degree or concentration in privacy engineering