Associate Director, Digital Privacy Engineer

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care for all people, as well as the nation’s largest provider of sex education. With more than 600 health centers across the country, Planned Parenthood organizations serve all patients with care and compassion, with respect, and without judgment, striving to create equitable access to health care. Through health centers, programs in schools and communities, and online resources, Planned Parenthood is a trusted source of reliable education and information that allows people to make informed health decisions. We do all this because we care passionately about helping people lead healthier lives. Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the independently incorporated Planned Parenthood affiliates operating health centers across the U.S. Planned Parenthood Action Fund is an independent, nonpartisan, not-for-profit membership organization formed as the advocacy and political arm of Planned Parenthood Federation of America. The Action Fund engages in educational, advocacy, and electoral activity, including grassroots organizing, legislative advocacy, and voter education.Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund (PPAF) seek a dynamic and effective Associate Director, Digital Privacy Engineer. This job reports to the National Director, HIPAA, Risk & Compliance, in the Information Security department. The Associate Director, Data Privacy /Pixel Engineer, is responsible for supporting the technical side of data privacy initiatives.  This professional must understand technology and be able to integrate perspectives that span product design, software development, cyber security, human-computer interaction, as well as business and legal considerations related to digital privacy.  Purpose: The purpose of this privacy engineering role is to serve as a translator between product teams, design teams, IT teams, IS teams, and legal or compliance teams, turning privacy requirements into technical realities. This role might recommend technical tools and processes that apply privacy protections to personal data. It would involve embedding privacy into systems, commencing with SDLC/SSDLC and Privacy by Design concepts, and covering the eventual digital product. The Associate Director, Digital Privacy Engineer, will work with Application Development staff as part of the design and build phase and will inspect code before deployment to assess privacy risk; this role requires a strong grasp of a variety of data architectures and common programming languages. This role would work with key staff to determine the best methods for anonymization, ensure that the data minimization principle is adhered to, and design clear privacy controls.  The Associate Director, Digital Privacy Engineer, will serve as the liaison between the IT Engineering, Digital Products, and InfoSec teams. They will serve as a subject matter expert on the privacy aspects of the software development process for the Engineering team. They will collaborate with stakeholders across multiple teams to identify compliance, status, and challenges, and develop and implement remediation plans. The Associate Director, Data Privacy Engineer is responsible for supporting the technical side of data privacy initiatives and may participate in IT Engineering/AppDev’s Agile development processes, working with Scrum teams, including product managers, quality assurance, software engineers, and development operations to plan and implement data privacy measures. Responsibilities:●Work with the National Director, HIPAA, Risk & Compliance and the Data Privacy Committee to identify and resolve digital data privacy concerns across the organization.●Liaise with IT Engineering, Enterprise Architecture, InfoSec Architecture and Engineering, and Digital Products regularly.●Perform regular reviews of our databases to ensure we fully comply with PPFA data governance, privacy policies, and state/federal regulations.●Work with Digital Products, IT Engineering, Enterprise Architecture and the Vendor Risk Assessment Team to ensure that new online tracking technologies and scripts are reviewed from a data privacy perspective prior to being implemented.●Work with AppDev and InfoSec leadership to identify and evaluate third-party tools from a data privacy perspective, assist with vendor risk assessments, and oversee implementation to ensure that data privacy controls are adhered to.●Assess and identify potential threats that could or are affecting the organization, as well as its build process and technology-enabled innovations. Responsible for reporting risk management issues to AppDev/InfoSec/CIO Leadership and to the Data Privacy Committee.  As a member of our security team, respond to control inquiries periodically.●Monitor tracking technologies used on PPFA digital properties and coordinate the approval with the Third Party Risk Management team of new tracking technology vendors or uses.Interdepartmental Liaison:●Work closely with HIPAA, Risk and Compliance Team, and the Office of General Counsel to understand current and future data privacy regulations and implement programs to ensure we are in full compliance but in our current state and with future development. ●Work closely with our infrastructure team to ensure new features and functionality are implemented privately and securely.●Work closely with our product team to help ensure new features are compliant with PPFA standards and provide recommendations for third-party tools that suit specific needs as necessary. Engagement: The Associate Director, Data Privacy Engineer, plays a vital role in ensuring that our digital properties are in full compliance with PPFA data privacy and data governance processes as well as federal and state privacy regulations. They will serve as the internal engineering subject matter expert on privacy and security-related issues. Knowledge, Skills and Abilities (KSAs): ●IAPP CIPT certification desired●5+ years of experience directly working in the technology industry●5+ years working as a technical lead/engineering / architecture●Strong knowledge of privacy practices and associated regulations (HIPAA, FTCA, 21st Century Cures Act, etc.).●Experience with formal threat modeling and frameworks such as STRIDE, DREAD, or PASTA.●Proficiency with cloud architecture practices and a prior track record of working with a cloud hosting platform such as AWS, GCP, or Azure.●Experience with Static Application Security Testing tools such as SonarQube, Veracode, Fortify, Coverity, etc.●Experience with CI/CD tools.●Experience with containerization technologies such as Docker.●Effective collaborator, ability to coordinate multiple work streams simultaneously.●Excellent written, oral, and interpersonal communication skills.●Ability to present ideas in business-friendly and user-friendly language.●Highly self-motivated, self-directed, and attentive to detail.●Experience with systems design and development from business requirements analysis to day-to-day management.●Ability to work in diverse groups and a multicultural workforce while showing sensitivity and appreciation to cultural differences.●A compelling and clear communicator who can showcase strategy/program value in concise, practical messages that influence decision-makers.●A technology thought leader with a clear understanding of technology and software processes.●Ability to work collaboratively and flexibly with a dynamic, fast-moving team, completing multiple tasks with poise, accuracy, and confidence.●Strong organizational, analytical, and problem-solving skills●High proficiency in Google products●Flexibility and ability to adapt to quickly changing priorities and ambiguous situations. ●Commitment to PPFA’s mission and diversity, equity, and inclusion, particularly surrounding race equity.●A deep commitment to Planned Parenthood’s mission of promoting Sexual and Reproductive HealthTravel: 0-10% Travel, as needed.Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt-in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.   We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law.  We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.PPFA participates in the E-Verify program and is an Equal Opportunity Employer.#LI-SY1*PDN-HRAll roles that are denoted as NYC, DC, or both will be on a hybrid schedule, requiring 2-3 days per week in the office.