Description

WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

Summary

We are looking for an analyst or engineer to support our security program compliance, privacy and risk management needs. As a Compliance & Privacy Analyst/Engineer, you will be responsible for helping manage data privacy and compliance assessments, conducting data inventory and mapping exercises, and assessing and responding to data subject rights requests. You will also review compliance with our NIST 800-53 security program and take timely action to address compliance gaps. The Analyst/Engineer will have an understanding of data privacy and data protection issues and work collaboratively with compliance leadership and business stakeholders to manage data privacy and compliance operations, enable projects and enable & manage compliance and privacy risks across Internet Brands and WebMD businesses.

Duties and Responsibilities:

• Conduct data mapping & inventory requirements
• Perform Data Protection Impact Assessments (DPIA) on our products, processes and external/internal services
• Understand data types and flows across the businesses (systems, processes and vendors), and how these relate to policy and regulatory requirements
• Support data privacy and compliance projects and proposed technology changes
• Recommend process changes and internal projects needed to address new and changing data protection laws, standards and regulations
• Support handling for data subject right requests & privacy inquiries
• Perform compliance assessments and report findings and recommended actions to leadership
• Administer our annual compliance training program
• Perform third-party risk assessments
• Support preparations for SOC2, ISO 27001 and HiTrust certification audits
• Communicate privacy and compliance risks and concerns to leadership
• Participate in team problem solving efforts and offer ideas to solve risk related issues
• Identify opportunities for efficiencies in program processes and policy improvements
• Assess and review business continuity, contingency planning and incident response plans and participate in exercises as needed
• Partner with business units and functional areas to facilitate risk assessment and risk management processes

Education and/or Experience:

• A degree in computer science, information security or a technology-related field required
• A minimum of 3 or more years of data privacy management experience is required
• A strong background and understanding of data privacy regulations, including GDPR, CCPA and state privacy regulations and prior program management is desired
• A minimum of 3 or more years of security compliance and risk management experience is required
• A professional data privacy (e.g. CIPP, CDPSE, etc.) or security certification (e.g. CISSP, CISM, etc.) is desirable but not required
• Experience using OneTrust is preferred but not required
• Strong analytical skills and the ability to understand and solve complex problems
• Experience working on global projects on cross-functional, multi-location teams
• Experienced in documenting and implementing procedures and guidelines
• High degree of accuracy and attention to details
• Proficient in using Google and Microsoft productivity tools

At Internet Brands, we carefully consider a wide range of factors when determining compensation, including your background and experience. These considerations can cause your compensation to vary. We expect the compensation for this role to have a range that starts at $80,000 and will depend on your skills, qualifications, and experience. We encourage all interested candidates to apply.

In addition to our awesome culture, we offer a comprehensive benefits package designed to support the health and well-being of you and your family. Our benefits include health insurance options such as medical, dental, and vision coverage, flexible spending accounts (FSA) for medical and dependent care, short-term and long-term disability insurance, and life and AD&D insurance. We also provide a 401(k) retirement savings plan with a company match, paid time off (PTO), paid holidays, commuter benefits as well as access to our Employee Assistance Program (EAP) and well-being coaching services. In addition, employees can take advantage of voluntary benefits such as home, auto and pet insurance, and discounted legal and financial services. For more details, feel free to inquire during the interview process.