Overview:
The Vice President - Information Security and Data Privacy will play a critical role in conceptualizing strategy and driving our global information security and data privacy program. The role reports to the CISO and collaborates closely with cross-functional leaders in Legal, HR, and Marketing at EXL to ensure that our information security and data handling practices comply with relevant regulations, EXL's clients' expectations, and industry best practices.
Responsibilities:
Geo Leader – Information Security and Cyber Security
- Serves as an internal information security leadership advisor and subject matter expert, influencing the organization's direction on information security initiatives
- Represents the Office of the Chief Information Officer and Chief Information Security Officer and presents to executive leadership
- Drives, implements, enforces, and maintains Information Security, Identity and Access Management, and Cyber GRC policies, procedures, metrics, and measurements
- Influences and collaborates with ERM, TPRM, Technology, Legal, and HR teams as needed to ensure alignment of policies and procedures
- Leads the Organization’s Security interface with Client Relations for client due diligence, information security questionnaires, and site visits
- Directs and improves the cybersecurity related portions of the vendor management due diligence and assessment process
- Provides leadership over Cyber GRC controls, audits, and SOC 2 preparation
- Appropriately assesses risk when business decisions are made, including but not limited to compliance and operational risk.
Leader – Data Privacy and Protection
- Develops, implements, reviews, and manages data privacy and protection policies, procedures, and guidelines in alignment with applicable laws and regulations (e.g., GDPR, CCPA, HIPAA).
- Monitors and assesses data processing activities to ensure compliance with privacy laws and contractual obligations, including data transfer mechanisms and third-party data sharing agreements.
- Conducts regular data protection impact assessments (DPIAs) to identify and mitigate potential privacy risks associated with new or existing projects.
- Collaborates with Legal, Technology, and other functions to ensure that data privacy considerations are embedded in data processing activities, system design, and data handling procedures.
- Responds to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by evaluating or recommending the initiation of investigative procedures.
- Provides guidance on contract review in the areas of privacy compliance and security, with emphasis on business associate agreements.
- Provides guidance and training to employees on data protection regulations and best practices to enhance overall awareness and compliance.
- Establishes and maintains records of data processing activities, including data inventories, data flows, and data retention schedules.
- Monitors emerging trends and changes in data privacy regulations to ensure continuous alignment of policies and practices with evolving requirements.
- Leads incident response efforts in the event of a data breach, including coordination with internal and external stakeholders, timely notification, and remediation.
- Works with management teams across the company to align the privacy team's vision with business requirements.
- Develops a strategy with Business Units to promote the EXL privacy program as a service.
- Consults with internal legal representatives, as well as the EXL Compliance Officer, as needed to address difficult legal compliance issues.
- Interfaces with external auditors, regulatory agencies, and clients/customers.
- Oversees all Business Associate Agreement privacy compliance and monitoring.
- Oversees vendor privacy compliance including establishing onboarding and offboarding policies and procedures.
- Completes all responsibilities as outlined on the annual Performance Plan.
- Completes all special projects and other duties as assigned.
Qualifications:
- Bachelor's degree required; Master's degree and/or relevant security or privacy certifications (e.g., CISSP, CIPP/E, CEH) preferred
- Minimum 15 years of compliance and privacy experience, with increasing levels of responsibility and oversight as a technical professional.
- Experience implementing and building a successful compliance and privacy program strongly desired.
- The intellect and energy to excel in a complex and ever-changing environment.
- Senior leader with proven experience in growth-oriented businesses in the healthcare information and analytics space with strong competencies in developing and leading privacy compliance programs.
- Established leader who is results-oriented.
- Requires the ability to synthesize and utilize data for problem diagnostics.