Senior Manager, Data Privacy

Wella | New York, NY
1d | $140,000 - $160,000 | Hybrid

About The Position

This role is for an experienced privacy professional to provide direct, day-to-day management of data privacy risk for Wella Company across the USA and the Americas, whilst supporting the Global Data Privacy Officer in maintaining and enhancing Wella Company’s Global Data Privacy Compliance Program. This is a full-time role reporting to the Global Data Privacy Officer.

The role has responsibility for the following tasks, working in conjunction with and under the direction of the Global Data Privacy Officer:

  • Supporting the Global Data Privacy Officer to maintain and enhance the Global Data Privacy Compliance Program, including but not limited to:
      • Drafting, maintaining, and communicating policies, standards, and processes related to Wella Company’s privacy practices.
      • Overseeing the creation, completion, and maintenance of documentation to demonstrate compliance and/or accountability or to meet regulatory obligations, including but not limited to:
          • A record of personal data processing activities.
          • Registrations with regulators (where required).
          • The transfer mechanism used for cross-border data flows (e.g., approved standard contractual clauses, BCRs, Regulatory approvals), including records of the Group entities that have signed the Intra Group Data Transfer Agreement.
          • Data protection/privacy impact assessments (where required).
          • Appropriate transparency/disclosure notices (e.g., privacy notices, cookie notices).
      • Raising awareness and delivering training to stakeholders at all levels in the organization (including senior leaders) to promote a positive privacy culture across Wella Company. This includes designing and rolling out data privacy training to support Wella Company’s Compliance Training Strategy, and maintaining and developing Wella Company’s Privacy Hub.
      • Driving a “Privacy by Design” culture across Wella Company to facilitate the growth and expansion of the company including by supporting the business to embed privacy considerations into their operational processes and to conduct data protection/privacy impact assessments where appropriate, as well as giving guidance on ways to minimize operational privacy risks, including those arising from the use of technology and third parties.
      • Assisting Wella Company to comply with consent management and data subject rights under applicable laws including providing advice on what rights exist, how these must be catered for, the scope of requests to exercise such rights, coordinating and supporting technical and non-technical teams to fulfill requests, reviewing responses to data subjects, and monitoring compliance with the legal requirements.
      • Monitoring and reporting on data privacy compliance across the Wella Company, carrying out risk assessments and gap analysis exercises, identifying shortcomings, advising on risk, and making recommendations for remediation.
      • Acting as a point of escalation for data incidents, supporting the investigation and management of the same, and advising in relation to breach reporting requirements.
      • Supporting Wella Company’s interactions with privacy regulators, law enforcement, and customers on privacy matters as appropriate.
      • Managing the administration of the Privacy Management Platform and the relationship with the vendor (currently OneTrust), including but not limited to:
          • Maintaining the organizational structure of records and attributes (entities, assets, processing activities, etc.) within all available Apps in the platform.
          • Assigning roles and granting/managing access to the platform.
          • Building and maintaining appropriate templates (assessment questionnaires, DSR response templates, cookie banner templates).
          • Assigning, launching, monitoring, and reviewing responses to assessment questionnaires.
          • Creating and maintaining the subtasks, assets, and workflows in the Privacy Rights Automation module; supporting the Data Subject Rights (DSR) process and monitoring the fulfilment of requests.
          • Creating ad hoc reports.
  • As a subject matter expert in privacy laws in the USA and Americas region, supporting the Global Data Privacy Officer to define and implement the strategy for the Data Privacy Compliance Program in the USA and the Americas region, including but not limited to:
      • Monitoring the external environment, reviewing and assessing new privacy laws, regulations, and risk trends in the region, and providing timely advice regarding their implications to the Wella Company and its operations in that region.
      • Creating, implementing, and maintaining specific local (or variations to global) policies, standards, processes, notices, templates, etc., where appropriate, including but not limited to those pertaining to the collection and use of sensitive personal information, consent management, data subject/consumer rights, disclosure, data sharing, and data processing agreements.

Requirements

  • 5 years’ experience working in privacy/data protection, preferably some in-house.
  • Strong knowledge of US and Latin American Privacy laws and understanding of other global privacy laws, including EU GDPR.
  • Ability to multitask, work proactively, and independently.
  • Experience of working within a global organization.
  • Good project/change management skills. Ability to engage with multiple stakeholders and to partner with the business and functions to get things done.
  • Self-starter, take the initiative and operate with a sense of urgency, decisiveness, and responsiveness with minimal supervision, know when to seek help, and be a part of a team as required.
  • Demonstrate a positive, professional and collaborative demeanor to build trustful relationships with stakeholders and leadership.
  • A highly agile individual with business acumen, and unquestionable integrity.

Nice To Haves

  • Relevant Privacy Certification (e.g., CIPP-US, CIPM) is desirable.

Responsibilities

  • Drafting, maintaining, and communicating policies, standards, and processes related to Wella Company’s privacy practices.
  • Overseeing the creation, completion, and maintenance of documentation to demonstrate compliance and/or accountability or to meet regulatory obligations.
  • Raising awareness and delivering training to stakeholders at all levels in the organization (including senior leaders) to promote a positive privacy culture across Wella Company.
  • Driving a “Privacy by Design” culture across Wella Company to facilitate the growth and expansion of the company including by supporting the business to embed privacy considerations into their operational processes and to conduct data protection/privacy impact assessments where appropriate, as well as giving guidance on ways to minimize operational privacy risks, including those arising from the use of technology and third parties.
  • Assisting Wella Company to comply with consent management and data subject rights under applicable laws including providing advice on what rights exist, how these must be catered for, the scope of requests to exercise such rights, coordinating and supporting technical and non-technical teams to fulfill requests, reviewing responses to data subjects, and monitoring compliance with the legal requirements.
  • Monitoring and reporting on data privacy compliance across the Wella Company, carrying out risk assessments and gap analysis exercises, identifying shortcomings, advising on risk, and making recommendations for remediation.
  • Acting as a point of escalation for data incidents, supporting the investigation and management of the same, and advising in relation to breach reporting requirements.
  • Supporting Wella Company’s interactions with privacy regulators, law enforcement, and customers on privacy matters as appropriate.
  • Managing the administration of the Privacy Management Platform and the relationship with the vendor (currently OneTrust).
  • Supporting the Global Data Privacy Officer to define and implement the strategy for the Data Privacy Compliance Program in the USA and the Americas region.

Benefits

  • health insurance
  • life and disability insurance
  • 401(k) retirement plan
  • paid holidays
  • paid time off (PTO)