Senior Manager, Data Privacy

About Wella Company

Wella Company is one of the world’s leading professional and retail hair companies. It is a beauty collective with a mission to enable consumers to look & feel like their true self. Its love brands, which include beauty icons such as Wella, Clairol, OPI, and ghd (all together Wella Company), are co-created by & designed for the beauty junkies of today & tomorrow. Wella Company and its brands, are and will remain committed to a range of social causes as well as seeking to minimize its impact on the environment. For additional information about Wella Company please visit www.wella.com.

The job and key responsibilities

This job is for an experienced privacy professional to provide direct day-to-day management of data privacy risk for Wella Company across the USA and the Americas, whilst supporting the Global Data Privacy Officer to maintain and enhance Wella Company’s Global Data Privacy Compliance Programme.

This is a full-time role reporting to the Global Data Privacy Officer.

The role has responsibility for the following tasks working in conjunction with and under the direction of the Global Data Privacy Officer:

1. Supporting the Global Data Privacy Officer to maintain and enhance the Global Data Privacy Compliance Programme including but not limited to:
   1. Drafting, maintaining and communicating policies, standards and processes related to Wella Company’s privacy practices.
   2. Overseeing the creation, completion and maintenance of documentation to demonstrate compliance and/or accountability or to meet regulatory obligations including but not limited to:
      1. A record of personal data processing activities.
      2. Registrations with regulators (where required).
      3. The transfer mechanism used for cross–border data flows (e.g., approved standard contractual clauses, BCRs, Regulatory approvals) including records of the Group entities that have signed the Intra Group Data Transfer Agreement.
      4. Data protection/privacy impact assessments (where required).
      5. Appropriate transparency/disclosure notices (e.g., privacy notices, cookie notices).
   3. Raising awareness and delivering training to stakeholders at all levels in the organisation (including senior leaders) to promote a positive privacy culture across Wella Company.  This includes designing and rolling out data privacy training to support Wella Company’s Compliance Training Strategy; and maintaining and developing Wella Company’s Privacy Hub.
   4. Driving a “Privacy by Design” culture across Wella Company to facilitate the growth and expansion of the company including by supporting the business to embed privacy considerations into their operational processes and to conduct data protection/privacy impact assessments where appropriate, as well as giving guidance on ways to minimise operational privacy risks, including those arising from the use of technology and third parties.
   5. Assisting Wella Company to comply with consent management and data subject rights under applicable laws including providing advice on what rights exist, how these must be catered for, the scope of requests to exercise such rights, coordinating and supporting technical and non-technical teams to fulfill requests, reviewing responses to data subjects, and monitoring compliance with the legal requirements.
   6. Monitoring and reporting on data privacy compliance across the Wella Company, carrying out risk assessments and gap analysis exercises, identifying shortcomings, advising on risk and making recommendations for remediation.
   7. Acting as a point of escalation for data incidents, supporting investigation and management of the same and advising in relation to breach reporting requirements.
   8. Supporting Wella Company’s interactions with privacy regulators, law enforcement and customers on privacy matters as appropriate.
   9. Managing the administration of the Privacy Management Platform and the relationship with the vendor (currently OneTrust) including but not limited to:
      1. Maintaining the organisational structure of records and attributes (entities, assets, processing activities etc.) within all available Apps in the platform

1. 1. 2. Assigning roles and granting/managing access to the platform
      3. Building and maintaining appropriate templates, (assessment questionnaires, DSR response templates, cookie banner templates)
      4. Assigning, launching, monitoring and reviewing responses to assessment questionnaires
      5. Creating and maintaining the subtasks, assets and workflows in the Privacy Rights Automation module; supporting the Data Subject Rights (DSR) process and monitoring the fulfilment of requests.
      6. Creating ad hoc reports.

2. As a subject matter expert in privacy laws in the USA and Americas region, supporting the Global Data Privacy Officer to define and implement the strategy for the Data Privacy Compliance Programme in the USA and Americas region including but not limited to:
   1. Monitoring the external environment, reviewing and assessing new privacy laws, regulations and risk trends in the region, and providing timely advice regarding their implications to the Wella Company and its operations in that region.
   2. Creating, implementing and maintaining specific local (or variations to global) policies, standards, processes, notices, templates etc., where appropriate, including but not limited to those pertaining to the collection and use of sensitive personal information, consent management, data subject/consumer rights, disclosure, data sharing and data processing agreements.

QUALIFICATIONS /SKILLS

• 5 years’ experience working in privacy/data protection, preferably some in-house.
• Strong knowledge of US and Latin American Privacy laws and understanding of other global privacy laws including EU GDPR.
• Relevant Privacy Certification (e.g., CIPP-US, CIPM) is desirable.
• Ability to multi-task, work proactively and independently.
• Experience of working within a global organization.
• Good project/change management skills. Ability to engage with multiple stakeholders and to partner with the business and functions to get things done.
• Self-starter, take the initiative and operate with a sense of urgency, decisiveness and responsiveness with minimal supervision, know when to seek help and be a part of a team as required.
• Demonstrate a positive, professional and collaborative demeanor to build trustful relationships with stakeholders and leadership.
• A highly agile individual with business acumen, and unquestionable integrity.

We disclose the compensation range for positions in compliance with local law. Actual salaries will vary and may be above or below the range based on various factors including but not limited to location, experience, skills and in comparison to internal incumbents currently in similar roles. Pay Range: $135,000 - $160,000 salary per year. The range listed is just one component of Wella Company's total rewards package for employees. Other rewards may include annual bonus plan or variable pay, depending on the role. In addition, Wella Company provides a rich variety of benefits to employees, including health insurance, life and disability insurance, 401(k) retirement plan, paid holidays and paid time off (PTO).

NOTICES

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

If you need assistance and/or a reasonable accommodation due to a disability during the application process, please email NA.Recruiting@wella.com. This email account will not respond to inquiries regarding the status of a candidate’s application.

[For CA located postings ONLY]: Qualified Applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. 

Information regarding your rights: Know Your Rights and Pay Transparency Nondiscrimination Provision.