Privacy Compliance Specialist (Data Privacy, Risk Management), PRA Health Sciences, Raleigh, NC

PRA Health Sciences is looking for a Privacy Compliance Specialist to join our Raleigh-based team and help us continue to build our privacy program.

This position will report to and work daily with our Data Privacy Team as part of PRA’s Risk Management Office. We envision a successful candidate as a personable, creative self-starter who excels in collaborating not only with our team, but across PRA’s business functions to build privacy by design into our business practices and the company culture. You’ll need to be comfortable rolling up your sleeves alongside business partners around the world to develop a deep understanding of their privacy risks and to find practical, efficient ways of identifying and managing them. Given the nature of privacy work, this will mean regular interaction and collaboration with our IT and Cybersecurity teams, so while you need not be an IT specialist, comfort with IT and Cybersecurity concepts and processes will be especially helpful in supporting other PRA functions in collaboration with those teams.

Our aim is to continually evolve our privacy program by finding strategies, processes and mechanisms that scale across geographies and our various businesses in a manageable, repeatable way, and that deliver sound risk management and outputs that demonstrate compliance and accountability. Our best work enables PRA to nimbly adapt to the fast-coming changes in privacy laws around the world. This requires comfort with stepping into complex problems that lack easy “by the book” solutions and finding paths forward. When those paths are found and built, they create big, meaningful and rewarding impacts for PRA and for the individuals our businesses ultimately serve.

Responsibilities

  • Strategic administration and deployment of privacy-focused GRC tools, including the OneTrust platform.  
  • Assessing business processes, including conducting privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) suitable for different situations.  
  • Collaborating with our QA and internal audit teams to conduct and respond to privacy-relevant elements of internal and external audits.   
  • Driving continued evolution and improvement of privacy-related controls, metrics and reporting. 
  • Identifying and driving remediations and process improvements, whether through issues identified by audits or through day-to-day collaboration with business partners, including building “privacy by design” concepts into processes that are led and managed by other business units.   
  • Assisting with the development and administration of practical, impactful data privacy awareness training and related materials.
  • Partnering with our Vendor Management Team to ensure that PRA’s privacy-relevant vendors are properly screened and monitored. 
  • Adapting existing mechanisms to changes in business strategy and changes in applicable privacy laws in collaboration with the legal members of the PRA Data Privacy Team. 
  • Assisting in PRA’s response to data subject rights requests in a timely manner, including coordinating workflows with stakeholders engaged in response.    
  • Supporting effective response to data security and privacy incidents and the documentation of relevant activity. 
  • Working globally with business partners anywhere in the world to apply common privacy risk controls in a consistent manner relevant to each geography’s different needs.   
  • Continually improving PRA’s global data mapping to ensure timely response to the needs of individuals and of our customers.  

Minimum Qualifications

  • Collaborative, positive, and engagement-oriented mindset. 
  • Demonstrated leadership in configuration, implementation and management of at least one GRC tool, preferably OneTrust. 
  • Ability to communicate privacy concepts, risks and sound practices in a manner understandable to non-privacy professionals at any level of the company. 
  • Comfort with project managing efforts that require the collaboration of multiple stakeholders and ensuring that all voices are heard and that cross-functional solutions to privacy problems are embraced and executed. 
  • Excellent organizational skills and process-oriented thinking . . . we are always looking for a better way to build the privacy compliance mousetrap, and creativity in finding what “just works” is welcome. 
  • Ability to solve complex problems both independently and collaboratively, as best fits the circumstances. 
  • Ability to construct well-founded, clear, and concise analyses and recommendations.
  • Demonstrated project or program management experience working with information technology, risk, or compliance in a global organization.
  • Aptitude for establishing and maintaining cross-functional and cross-cultural relationships, and achieving positive change through influence rather than directives. 
  • Strong work ethic and high ethical standards. 
  • Some proficiency with one or more major privacy regulations, particularly the GDPR, HIPAA, and/or the CCPA, and a demonstrated ability to manage adaptation to fast change in regulatory environments. 
  • Sound understanding of governance, risk and compliance concepts, controls, processes and reporting.  

Preferred:

  • Experience in the CRO or clinical trial industry. 
  • One or more recognized certifications in privacy, security, risk management, and/or program management. 
  • Deep experience with the OneTrust privacy program management platform. 
  • Experience with one or more privacy frameworks, such as ISO 27701, the NIST Privacy Framework, or similar, and/or privacy-relevant security frameworks. 

PRA is an EEO/AA employer and is committed to providing opportunities to minorities, women, veterans and individuals with disabilities.

Application Submission Information:

All applicants can submit their resume to Michelle Phan, PhanMichelle@prahs.com.