Location: Hershey, PA
Department: Legal / Privacy & Data Compliance
Summary of Role:
This position plays a critical role in Hershey's enterprise risk management and privacy programs by managing digital risk assessments driving risk intelligence.
Role Responsibilities:
• Manage digital risk assessment process including Privacy and AI, working collaboratively with internal and external stakeholders to ensure accurate risk identification and assessment
• Primary advisor to the business on Privacy risk and compliance for specific use cases, helping to develop proposed solutions to achieve desired business outcomes while upholding compliance
• Support digital risk tracking and remediation planning processes, including proper controls and accountability
• Maintain accurate documentation to meet regulatory requirements (i.e. Record of Processing Activities [ROPAs], Data Protection Impact Assessment [DPIAs], Transfer Impact Assessment [TIAs], High risk AI use cases)
• Partner with data governance and InfoSec teams to establish enterprise data mapping to enable accurate risk management
• Review systems and processes for proper adherence to Hershey data retention, usage, and privacy/AI policies
• Effectively communicate and collaborate with all departments and job levels across the enterprise
• Ability to facilitate timely collaboration with risk domain owners and proper escalation on high-risk use cases
• Lead staff augmentation resources effectively and efficiently
Desired knowledge, skills, and abilities:
• Experience managing risk assessment processes (i.e. Privacy Impact Assessments [PIA], AI Assessments)
• Working knowledge of privacy and AI regulations including technology trends to enable the business on risk mitigation
• Experience working in an enterprise Privacy SaaS tool (i.e. OneTrust or equivalent) specifically for PIAs, Risk Management, or Risk Intelligence
Minimum Education and Experience Requirements:
• Education –
• Bachelor’s degree in related field
• Experience –
• At least 3+ years in privacy and/or risk management required
• Privacy certifications (i.e. CIPP, CIPM, or CIPT) and/or risk management certifications strongly preferred
• OneTrust application or equivalent tool certifications strongly preferred
• Experience in CPG preferred
#LI-TL1
#LI-Remote
Apply Now
Apply Now