WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

 

WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

 

Summary
We are looking for an analyst or engineer to support our security program compliance, privacy and risk management needs. As a Compliance & Privacy Analyst/Engineer, you will be responsible for helping manage data privacy and compliance assessments, conducting data inventory and mapping exercises, and assessing and responding to data subject rights requests. You will also review compliance with our NIST 800-53 security program and take timely action to address compliance gaps. The Analyst/Engineer will have an understanding of data privacy and data protection issues and work collaboratively with compliance leadership and business stakeholders to manage data privacy and compliance operations, enable projects and enable & manage compliance and privacy risks across Internet Brands and WebMD businesses.

 

Duties and Responsibilities:
- Conduct data mapping & inventory requirements
- Perform Data Protection Impact Assessments (DPIA) on our products, processes and external/internal services
- Understand data types and flows across the businesses (systems, processes and vendors), and how these relate to policy and regulatory requirements
- Support data privacy and compliance projects and proposed technology changes
- Recommend process changes and internal projects needed to address new and changing data protection laws, standards and regulations
- Support handling for data subject right requests & privacy inquiries
- Perform compliance assessments and report findings and recommended actions to leadership 
- Administer our annual compliance training program
- Perform third-party risk assessments
- Support preparations for SOC2, ISO 27001 and HiTrust certification audits
- Communicate privacy and compliance risks and concerns to leadership
- Participate in team problem solving efforts and offer ideas to solve risk related issues
- Identify opportunities for efficiencies in program processes and policy improvements
- Assess and review business continuity, contingency planning and incident response plans and participate in exercises as needed
- Partner with business units and functional areas to facilitate risk assessment and risk management processes

 

Education and/or Experience:
- A degree in computer science, information security or a technology-related field required
- A minimum of 3 or more years of data privacy management experience is required
- A strong background and understanding of data privacy regulations, including GDPR, CCPA and state privacy regulations and prior program management is desired
- A minimum of 3 or more years of security compliance and risk management experience is required
- A professional data privacy (e.g. CIPP, CDPSE, etc.) or security certification (e.g. CISSP, CISM, etc.) is desirable but not required
- Experience using OneTrust is preferred but not required
- Strong analytical skills and the ability to understand and solve complex problems
- Experience working on global projects on cross-functional, multi-location teams 
- Experienced in documenting and implementing procedures and guidelines
- High degree of accuracy and attention to details
- Proficient in using Google and Microsoft productivity tools

 

Job title and compensation will be commensurate with education and job-related experience.

As a member of WebMD, you may have access to confidential and security-sensitive information that will require you to follow additional protocols to ensure the security of our data. As a core requirement, you must implement and act in accordance with the organization’s information security policies; protect assets and data from unauthorized access, disclosure, modification, destruction or interference; execute security processes or activities; and report security events or potential events or other security risks to the appropriate parties within the organization.