Data Protection Director

Werfen

Werfen is a growing, family-owned, innovative company founded in 1966 in Barcelona, Spain. We are a worldwide leader in specialized diagnostics in the areas of Hemostasis, Acute Care Diagnostics, Transfusion, Autoimmunity, and Transplant. Through our Original Equipment Manufacturing (OEM) business line, we research, develop, and manufacture customized assays and biomaterials. We operate directly in 30 countries, and in more than 100 territories through distributors. Our Headquarters and Technology Centers are located in the US and Europe, and our workforce is more than 7,000 strong.

Our success comes from a specific focus in these rapidly evolving diagnostic areas, our commitment to customers, and our dedication to innovation and quality. We're passionate about providing healthcare professionals the most valuable and complete solutions to improve hospital efficiency and enhance patient care.

Job Summary

The Data Protection Director will spearhead the organization's data protection strategy, leveraging Microsoft 365 Data Loss Prevention (DLP) and Microsoft Purview tools to ensure the confidentiality, integrity, and availability of sensitive information. This role will involve the development and implementation of robust data protection policies, procedures, and technologies to mitigate risks associated with data breaches and regulatory non-compliance. Reporting directly to the Chief Information Security Officer (CISO), the Data Protection Director will collaborate with various teams to enhance data governance, privacy initiatives, and ensure compliance with relevant regulations.

Key Accountabilities Data Protection Strategy Development:

• Lead the development and execution of the organization's data protection strategy, specifically through the utilization of 0365 DLP and Purview tools.
• Establish data classification and handling protocols aligned with business goals and compliance requirements.

Policy and Compliance Management:

• Develop, review, and enforce data protection policies, standards, and procedures to ensure compliance with applicable laws and regulations (e.g., GDPR, HIPAA).
• Conduct regular audits and assessments to measure the effectiveness of data protection controls and compliance with established policies.

Incident Response and Management:

• Collaborate with the Incident Response team to ensure effective response and recovery strategies for data breaches or incidents involving sensitive data.
• Oversee root cause analysis and reporting for data-related incidents, ensuring lessons learned are integrated into future preventive measures.

Training and Awareness:

• Design and implement data protection training programs for employees to promote awareness of data handling practices and the importance of data protection.
• Serve as a subject matter expert in data protection, guiding stakeholders on best practices.

Stakeholder Engagement and Communication:

• Build strong relationships with key stakeholders, including IT, legal, compliance, and business units, to foster a culture of data protection throughout the organization.
• Provide regular updates to executive leadership on data protection initiatives, compliance status, and risk assessments.

Technology and Tool Management:

• Oversee the deployment and management of 0365 DLP and Purview tools, ensuring they are effectively configured and utilized to monitor and protect sensitive data.
• Evaluate and recommend additional data protection technologies and tools to enhance the organization's data security posture.

Networking/Key relationships To be determined based on all cybersecurity program needs, to include interactions with:

• All Corporate functions.
• Communication with product development, operations, or manufacturing disciplines.
• Coordination/ communication with executive management teams.

Minimum Knowledge & Experience required for the position:

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (Master's degree preferred).
• 8+ years of experience in data protection, cybersecurity, or information governance, with a focus on Microsoft 365 tools.
• Proven experience in developing and implementing data governance frameworks and compliance programs.

Skills & Capabilities:

• Strong understanding of data protection regulations and best practices.
• Excellent leadership, communication, and interpersonal skills, with the ability to engage both technical teams and executive leadership.
• Strong analytical and problem-solving skills, with a proactive approach to identifying and mitigating data protection risks.
• Experience with security frameworks (e.g., NIST, ISO 27001) and data protection technologies

Travel requirements: Less than 25% of the time.

If you are interested in constantly learning and being challenged on a daily basis we encourage you to submit your resume or CV.

Werfen is an Equal Opportunity employer and is committed to a diverse workplace. Werfen strictly prohibits unlawful discrimination, harassment or retaliation based upon an individual's race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, mental/physical disability, medical condition, marital status, veteran status, or any other protected characteristic as defined by applicable state or federal law. If you have a disability and need an accommodation in relation to the online application process, please contact NAtalentacquisition@werfen.com for assistance.

We operate directly in over 30 countries, and in more than 100 territories through distributors. Annual revenue is approximately $2 billion and more than 7,000 employees around the world comprise our Werfen team.

www.werfen.com