Job Description

Summary GE is seeking a qualified professional with expertise in data privacy regulations to support global compliance initiatives. This role involves leading and conducting data privacy risk assessments, security assessments and information security audits across systems processing personally identifiable information (PII), using established frameworks to evaluate privacy and security controls, identify gaps, and prepare detailed assessment reports. The candidate will work closely with business teams to address and remediate issues, ensuring compliance with international and emerging privacy laws such as GDPR, HIPAA, DPDP, and LGPD.

Roles and Responsibilities:

• Lead and perform data privacy assessments for systems managing personally identifiable information.
• Evaluate the design and operational effectiveness of privacy / security controls by partnering with control owners and stakeholders.
• Identify control deficiencies, support remediation efforts through resolution, and report non-conformances in a timely manner.
• Prepare and deliver comprehensive summary reports for each data privacy / security assessment or review.
• Align all activities with the Unified Control Framework (UCF) to maintain consistency and compliance across processes.
• Maintain clear and proactive communication with application teams regarding assessment scope, expectations, and timelines.
• Drive initiatives to improve processes and enhance efficiency through automation and streamlined controls.
• Educate project teams on privacy regulations and related IT control requirements to promote awareness and ensure regulatory compliance.
• Establish operating rhythm to report out on key metrics including status of assessments and issue management.
• Ensure audit readiness, provide audit support, and manage audit-related activities to facilitate successful outcomes.

Qualifications & Skills:

• Bachelor's degree in information security, Computer Science, Information Technology, Law, or a related field.
• Some years of experience in data privacy, information security, IT audit, compliance, or risk management.

• Strong knowledge of global data privacy laws and frameworks (e.g., GDPR, LGPD, DPDP) and U.S. health data regulations (HIPAA).
• Solid understanding of the concept of personally identifiable information (PII) and its protection requirements.
• Familiarity with IT security concepts, IT controls: including access management, infrastructure, encryption, and cybersecurity practices.
• Ability to identify appropriate testing procedures and assess the effectiveness of technology and privacy controls.
• Strong communication skills with the ability to explain complex issues to both technical and non-technical audiences, including engineering, legal, and project teams, focusing on risk and impact.
• Critical thinking and analytical skills to interpret data, identify trends, and assess privacy risks.
• Self-driven with the ability to independently plan and manage assessment schedules.
• Proficiency in English, both written and verbal.

Desired Characteristics

• Internationally recognized information security/information system audit certification/qualifications such as CISA, CISM, CISSP or CIA (IAPP)
• Experience with GRC tools (e.g., Archer, ServiceNow GRC).
• Experience conducting risk assessments, identifying gaps, and recommending mitigation strategies.
• Experience supporting audits and managing audit readiness activities.

Additional Information
Relocation Assistance Provided: No

Skills Required