Privacy Program Manager, Kustomer

In this role, you will serve as Kustomer's subject matter expert on governance, data security, and privacy: Continuously identify & assess risks to Kustomer's critical processes and assets through various technical and non-technical channels (i.e., security vulnerabilities, audits/assessments, and operational incidents). Mature and automate repeatable processes to inventory, prioritize, manage, remediate, and monitor privacy-related risks within the Kustomer environment. Manage a highly matrixed and fast-moving environment, including developing and socializing operating models to optimize risk and compliance engagement within Kustomer. Serve as an interpreter and liaison between Kustomer's Security and Privacy team and other teams both internal and external to Kustomer, helping Kustomer efficiently and comprehensively navigate the complexities of risk and compliance.
Privacy Program Manager, Kustomer Responsibilities

• Manage the data, technology, and automation platforms that drive key risk and performance reporting and insights
• Move the needle on tooling and processes around security and privacy for Kustomer, emphasizing automation and scalability
• Demonstrate a strong understanding of risk management by navigating challenging conversations with leadership teams and driving risk-based decision making and accountability for those decisions
• Develop quantitative risk and threat models to drive risk reporting and business prioritization
• Stay abreast of latest industry trends and events that impact the security or regulatory environment of Kustomer
• Manage relevant policies and procedures for Kustomer Security and Privacy
• Support business relationships with the internal and external security auditors and regulators
• Work with clients to resolve questions or concerns around the state of security and privacy for the Kustomer Platform
• Support the identification, validation and remediation of information technology controls required by Irish Data Protection Act, Federal Trade Commission, regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks

Minimum Qualifications

• Demonstrated leadership skills with experience working effectively across various levels
• Experience assessing security risk for large scale organizations. Specific experience in cloud services organizations
• Communication skills
• Bachelors in business/technology
• Experienced in processes for assessing and designing internal controls for large scale organizations
• Project management (program sense) skills
• Solid knowledge and experience of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
• Experience of data security frameworks and regulatory standards, including SSAE16-SOC2, ISO27001/2, and HIPAA
• Experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities
• 7+ years working experience in Information and Physical Security, Internal Audit, Data Privacy, or other Governance, Risk & Compliance Fields
• Experience with developing security and compliance reporting for a variety of audiences, including executive management
• Experience moving technical or business driven projects from inception to delivery, and experience articulating the impact using metrics, growth examples, return, etc.

Preferred Qualifications

• Experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media
• Experience creating and utilizing KPIs and KRIs, including dashboarding with data visualization tools
• Experience with interpreting and implementing data privacy and protection regulatory requirements at scale
• Self-starter, experience working independently and as part of a team
• Deep knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, NIST, HIPAA, GDPR)
• Experience with managing GRC products and implementations, including developing relevant business, technical, and data requirements
• Big 4 security consulting experience or related professional services/consulting background strongly preferred
• Experience in complex, matrixed environments and an experience navigating a constantly changing business
• Strong analytical, research, and problem solving skills with a keen attention to detail

About Meta
Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today-beyond the constraints of screens, the limits of distance, and even the rules of physics.
Meta is committed to providing reasonable support (called accommodations) in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to [email protected] .
(Colorado only*) Estimated salary of $162,000/year + bonus + equity + benefits
*Note: Disclosure as required by sb19-085(8-5-20)