**Senior Manager, Data Privacy** **Location: Houston, Texas, Calgary, Alberta or Bogota, Colombia** **Model of Work: Hybrid** Are you excited by challenges? Do you enjoy working in a fast-paced, international and dynamic environment? Then now is the time to join Quorum Software, a rapidly growing company and industry leader in oil & gas transformation. Quorum Software is the world's largest provider of digital technology focused solely on business workflows that empower the next evolution of energy. From emerging companies to supermajors, throughout every region of the globe, customers rely on Quorum's proven innovation and unmatched global expertise to streamline business operations and make data-driven decisions that optimize profitability and growth. Our industry-leading solutions are transforming energy companies across the entire value chain, helping visionary leaders evolve their organizations into modern energy companies. **Overview** As Senior Manager of the privacy program, you will report to our CISO, Vice President of InfoSec, Privacy & Security (ISPC). In this role, you will manage Quorum’s Global Privacy Program working in collaboration with the Information Security, Privacy and Compliance team. You will be responsible to mature Quorum’s privacy program as well as supporting expansion to new global jurisdictions and the privacy implications that accompany this growth. You will confirm compliance with all data protection regulations across Quorum and our markets while collaborating cross-functionally to mitigate privacy risk, support innovation, and instill best practices. **Responsibilities** - Mature our privacy program leveraging the NIST Privacy Framework - Designing, implementing, and maintaining Quorum’s global privacy program - Advising on data protection legislation, such as GDPR, CCPA, PIPEDA, LGPD, etc. - Identifying, analyzing, and resolving privacy compliance issues - Working closely with enterprise and business unit stakeholders to champion the integration of privacy principles, processes, and practices within their services and products - Managing, monitoring, and maintaining internal policies and procedures related to data privacy, including but not limited to website/cookie policies, cross-border transfers, and privacy by design - Identifying, investigating, and correcting potential compliance gaps and/or areas of risk to ensure full compliance with privacy and other regulations - Building and administering templates and processes for Asset Discovery, Data Mapping, Processing Activities, and Privacy Impact Assessments in diverse operational environments regarding compliance with applicable privacy regulations and company policies - Ongoing auditing and reporting on Quorum’s privacy compliance - Proactively researching and maintaining a working knowledge and understanding of relevant privacy laws and regulations - Managing, implementing, and reporting on the Training and Awareness program in IT security, data protection, and privacy - Managing and continuously improving upon the Privacy components of the vendor management process - Assist in managing the response to privacy incidents, in collaboration with the ISPC, technology, legal, and business stakeholders, and monitor and track resulting remediation action plans - Identify, assess, manage, and report data privacy risk issues as part of the firm’s wider privacy risk management program, and work with stakeholder groups to address and mitigate any identified gaps. - Support business stakeholders in ensuring appropriate contractual arrangements are in place with clients and vendors for data protection and security requirements - And other duties as assigned. **Requirements**: - Bachelor’s degree or higher from an accredited university or college - 5+ years of experience in privacy & compliance - Privacy certifications such as CIPP/US, CIPP/C, CIPP/EU, CIPM, CIPT - Ability to understand and interpret laws and regulatory requirements (e.g. GDPR, CCPA/CPRA, PIPEDA) related to data privacy, and develop and implement appropriate processes to keep the Company in compliance and reduce legal liabilities - Working knowledge of SOC2, ISO27001, and NIST Privacy Framework - Experience with Vendor Management, Incident Management, Risk Management - Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology - Previous experience with GRC or compliance tools (e.g. OneTrust) - Excellent interpersonal and communication skills are a must to be able to present ideas in a clear and concise way, and to address internal and external stakeholders - Ability to prioritize work and to work in demanding (tight) timelines - Ability to demonstrate a positive, logical, and proactive approach while executing tasks in a stressful situation - Excellent organizational and time management skills - Superb analytical and research skills with strong attention to de