Job#10283 - Associate University Compliance and Privacy Officer
Job#10283 - Associate University Compliance and Privacy Officer
Under the direction of the chief officer, the Associate University Compliance and Privacy Officer provides strategic insight and strategic leadership for the development and implementation of Case Western Reserve University’s Compliance Program. The associate officer assists the University Chief Compliance and Privacy Officer in shaping and sustaining an environment and culture of compliance at Case Western Reserve University by proactively identifying and addressing potential areas of compliance risk. Further, in partnership with the chief officer, the associate officer promotes effective communication and coordination of compliance initiatives and enhance compliance awareness throughout CWRU’s campus community.
Under the direction of the chief officer, the associate officer initiates university-wide compliance efforts to address newly-arising compliance risk areas, and works collaboratively with university stakeholders so that the efforts can be maintained and modified as needed.
- Provide high level support to the chief officer’s oversight and coordination of the Compliance Program. Together with the chief officer, develop, implement, lead, and continually evaluate the Institution-wide compliance program, promoting adherence to all applicable federal and state laws and regulations and University policies, standards, and procedures. Under the direction of the chief officer work collaboratively with stakeholders to perform compliance risk assessments in targeted operational areas. Under the direction of the chief officer work collaboratively with stakeholders to develop and implement compliance risk mitigation action plans. Provide consultative guidance on matters of regulatory compliance throughout all areas of the university, working to develop cross-functional relationships and foster education. Orchestrate and coordinate compliance activities within a complex, decentralized environment. Under the direction of the chief officer initiate programs to address new compliance risks, and work with university collaborators so that appropriate stakeholders sustain the compliance efforts. Develops, aligns, and monitors compliance training and education. Engage the University community members in maintaining a culture of compliance in the working and learning environment. Act as deputy to the chief officer in leading the University Compliance Committee. Together with the chief officer, respond to—and accommodate—the university’s changing compliance profile by initiating new projects and programs. Work with stakeholders to start new compliance programs that will be sustainable within the appropriate operational areas of the university (33%).
- Lead the university’s Privacy Management Program. Develop and manage the approach and objectives of the organization's privacy strategy. Develop and manage procedures for reviewing and monitoring implementation of privacy objectives across the university. Report in a timely fashion any serious privacy non-compliance, suspected serious privacy non-compliance, serious privacy breach or potential serious privacy breach to the chief officer or the General Counsel. Maintain accountability for implementing the enterprise-wide privacy strategy, approach, and objectives. Ensure that privacy policies are maintained to reflect the organization's risk stance and the current state of market environment and legislative requirements. Manage the implementation and maintenance of the organization's privacy policies and guidelines in coordination with other stakeholders. Facilitate the implementation of privacy policies and guidelines within university operations and act as a consultation resource to all stakeholders. Recommend changes to sensitive information management practices as necessary. Develop and disseminate privacy-related education and training material for use by faculty, staff, students, and volunteers. Participate in the privacy due diligence and ongoing privacy compliance monitoring of all third parties who process sensitive information on behalf of the university. Coordinate with Information Technology Services to set up a program to monitor and evaluate the level of compliance and effectiveness of the Data Privacy Program. Monitor and enforce compliance with the university's privacy policies, including adherence to industry best practices and applicable laws. Ensure and routinely verify that appropriate employee training and awareness building is in place and that internal procedures for periodically conducting objective reviews of compliance are in place. Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the university's privacy policies and practices in coordination with, when necessary, Office of General Counsel. Develop and manage a Privacy Incident Response Procedure for the timely regulatory and business resolution of incidents based on an analysis of the facts associated with the incident and input from all relative parties, potentially including but not limited to Information Technology Services, Office of General Counsel, and Human Resources, to determine the appropriate regulatory notification response as well as internal response to deal effectively with the incident based on standard risk evaluation and business criteria. Manage the process for privacy incident response per the Privacy Incident Response Procedure. Function as the primary privacy contact representing the university to regulatory agencies, data protections authorities and other external entities. Coordinate with Marketing and Communications to manage communications with outside parties about privacy practices and issues. Establish privacy accountability for all personnel. Coordinate with Human Resources and, if necessary, Office of General Counsel, to carry out appropriate disciplinary actions for violations of privacy policies. Coordinate with Information Security to define security requirements to meet Data Privacy Program goals. Maintain current knowledge of applicable international, federal and state privacy laws and monitor advancements in information privacy technologies for organizational adaptation when appropriate. Carry out other duties and projects as assigned by the chief officer (33%).
- Act as university-wide resource in addressing all applicable export control laws and regulations. Provide training and guidance concerning export control issues to faculty and staff regarding sponsored programs and other activities that may implicate such issues, including but not limited to physical exports, deemed exports, and international travel and communications. Draft and maintain policies, training manuals, website resources, and a manual of standard operating procedures to ensure consistency and export control compliance throughout the university. Serve as a designated point of contact and resource for university researchers, staff and sponsors with respect to the university's compliance with export control laws and regulations. Assess need and draft and submit applications for export licenses and other authority, commodity jurisdiction requests, and institutional registrations as necessary. Coordinate the development and maintenance of area specific and project specific export control plans. Monitor and audit export control compliance efforts, including existing export control plans, to insure compliance with applicable law. Conduct technology screening on anticipated work by university personnel to determine applicable Export Control Classification Number(s) and United States Munitions List category(ies) and coordinate efforts to ensure compliance with relevant laws, including but not limited to federal immigration laws (33%).
Perform other duties as assigned (1%)
Department: Regular contact with supervisor and other members of the Office of General Counsel
University: Regular contact with areas of financial compliance and internal audit, Risk Management, Human Resources, and Research Compliance, as well as other areas as needed
External: Regular contact with regulatory agencies and peer institutions
Students: Occasional contact with students
No direct supervisory responsibility.
Experience: Minimum of 8 years of professional job experience required with at least four years of demonstrated leadership or experience in financial, legal, compliance or audit issues (experience in multiple areas preferred). Professional experience within an academic institution is preferred.
Education/Licensing: Advanced degree required.
- In depth understanding of key applicable federal, state and local legislation.
- Ability to read and interpret complex regulatory or legal documents.
- Ability to communicate technical and complex concepts required.
- Ability to work with diverse populations of faculty, staff, and students.
- Possess ability to apply principles of logical thinking to a wide range of intellectual and practical problems.
- Possess ability to build effective interpersonal relationships and garner support in a decentralized environment in order to bring about lasting change.
- Possess ability to build and sustain strong collaborative relationships across university, including with faculty and staff.
- Possess ability to coordinate organizational policies
- Proven ability to manage multiple initiatives and projects with attention to detail.
- Ability to respond effectively to confidential inquiries or complaints.
- Ability to communicate through effective and persuasive speeches and presentations.
- Ability to work as a leader and as a member of a team.
- Great organization and self-initiative.
- Strong computer skills with Microsoft Word, Excel and Qualtrics.
- Ability to meet consistent attendance.
- Ability to interact with colleagues, supervisors, and customers face to face.
General office environment.
The university offers partner benefits and is responsive to the needs of dual-career couples. The university offers a Hybrid Work Program for up to two remote workdays weekly.
Visit https://case.edu/hr/careers, job id: 10283