Facebook strives to honor people's data in everything we do, and ensure that data is used in a legal and authorized manner. Understanding that there is limitless potential for the use of personal data, Facebook is committed to the development of a robust Global Privacy Team that is ready to take on the challenge of safeguarding and preserving the privacy choices of every individual user. The Privacy Risk Program Manager will be a critical part of Facebook's Central Privacy Program and be responsible for Privacy Risk Management related efforts. Our organization is responsible for the design, implementation, monitoring, and maintenance of the company's Privacy Program. We develop frameworks to ensure people's privacy is at the center of our products and services, and that we're complying with our regulatory obligations - all while maintaining Facebook's core culture. We partner with teams from every org to better document our current practices, scale our safeguards, and identify gaps; and together, we are building an industry-leading privacy compliance program. The Privacy Risk Program Manager will join the Privacy Risk Management team of Risk and Privacy Professionals that work across Facebook's products teams, business groups, and Privacy Organization to assess and manage risk in order to protect user data. This role requires working closely with internal partners to identify, measure and manage privacy risks associated within their environments. The ideal person will have proven risk management skills, patience, attention to detail, be self-motivated, and have a collaborative and positive attitude.
- Support the design, build and execution of industry leading risk management programs, including risk assessments, risk modeling, risk treatment strategies, reporting and monitoring.
- Interpret data processing activities, systems and operational practices in order to understand and interpret our risk environment.
- Conduct Privacy Risk assessments by analyzing the current risks and identifying potential risks that are affecting the business and product groups.
- Perform Privacy Risk evaluation across the company's business and product groups handling of risks.
- Prepare reports of identified and assessed risks to the management.
- Support the process for determining appropriate risk tolerance across our risk profile.
- Providing thought partnership, risk analytics (e.g. return on Risk Mitigation investments), and recommendations around remediation, risk mitigation, or process improvement to risk owners, Compliance or other control-related functions, as well as Leadership.
- Consult and coordinate with Compliance on the creation and monitoring of risk mitigation or treatment plans.
- Manage relationships both internal and external to the privacy organization.
- Effectively communicate and interface with internal stakeholders, as well as colleagues and business partners.
- Exercise excellent people skills, be a team player with a bias to action.
- Be motivated by the opportunity to solve privacy problems within an operations environment.
- Experience in designing, building and scaling risk processes, with experience getting things done and overcoming obstacles.
- Experience influencing stakeholders and engineers, including "roll-up the sleeves" type of collaboration within a diverse, global, cross-functional team.
- Experience in end-to-end strategy to implementation, navigating business structures while maintaining confidentiality and discretion.
- 10+ years experience in the area of risk management, data privacy, security, audit and data governance in an information technology environment
- Bachelor's degree in Risk Management, Engineering, Information Systems, Business or another related field of study
- Analytical and problem-solving experience with large-scale systems, and experience interpreting bottlenecks in complex systems and partnering with teams to resolve architectural issues, with experience adapting to new technology and participating in design discussions
- Knowledge of Product Development Life Cycles (PDLC)
- Industry certifications relating to security, privacy, and risk management, such as CIPP, CIPM, CIPT or Information security certifications such as CISM, CISSP, CISA, and CRISC
- Working knowledge or willingness to quickly learn the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity
- Demonstrate data analytical skills, creativity, and experience working with attention to detail
- Experience maintaining open, candid, and trusting work relationships
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at email@example.com.
This job has expired.