Data Protection Analyst
LumiraDx is a medical technology company developing, manufacturing and marketing smart connected diagnostics and diagnostic-led care solutions. Founded in 2014 by entrepreneurs with a successful track record in building and scaling medical diagnostics and health IT businesses, the company has major operations in the UK and the USA, and is supported by a global sales network. LumiraDx currently has over 1,200 employees worldwide. We have recently launched the innovative LumiraDx Platform, and are looking for proactive, experienced, focused and enthusiastic individuals who can make a significant contribution to the continued growth and success of our dynamic and forward-looking company.
Role & Responsibilities
The key objective of this role is the implementation, management and operation of the data protection programme. The responsibilities include championing data protection in LumiraDx organisations, maintaining knowledge of relevant standards, regulations and legislation, reviewing and updating the data protection framework against the relevant standards, participating in the internal audit programme, monitoring the effectiveness of the data protection programme, reporting KPIs and understanding the regulatory environment for data protection.
Key Areas of Responsibility:
- Working knowledge of global data protection and privacy standards, regulations and legislation including but not limited to GDPR, UK Data Protection Act 2018, HIPAA, HITECH, CCPA, ISO 27701
- Work to implement, evaluate and improve the Data Protection Management System including LumiraDx binding corporate rules
- Experience of managing data subject requests, data breaches and performing data protection impact assessments including risk assessments
- Experience of data processing agreements
- Oversee management of the LumiraDx Binding Corporate Rules
- Knowledge of information security
- Perform training, competency reviews and induction training for the data protection programme.
- Oversee maintenance of the LumiraDx record of processing
- Member of Cyber Emergency Response Team (CERT)
- Participate in cyber emergency response rehearsal exercises
- Maintain expert knowledge of regulatory, legislative and privacy environment
- Participate in internal and external ISMS audit programmes
- Identify non-conformances; create, implement and review corrective and preventative action plans
- Responsible for compliance relating to the reporting and first line remediation of events involving personally identifiable data
- Work with product team and business owners to provide data protection expertise and guidance
- Improve data protection in LumiraDx products and services
- Working knowledge of global data protection and privacy standards, regulations and legislation including but not limited to GDPR, UK Data Protection Act, HIPAA, ISO 27701.
- Experience of using OneTrust privacy platform.
- Experience of conducting data privacy impact assessments including risk analysis.
- Handling of data subject requests.
- Handling of breaches of personally identifiable data.
- Have, or be working towards, a data protection qualification including a data protection related degree or IAPP.
- Ability to be an advocate for data protection with business leaders.
- Delivery of data protection training and awareness programmes.
- Flexibility in working style to meet business needs.
- Strong team worker.
- Health industry experience.