Data Privacy and Protection Technology Lead

About The Role at S&P Global

As the Data Privacy and Protection Technology Lead at S&P Global, you will be a pivotal member of our enterprise data privacy/protection and data governance functions. Your role involves collaborating with various divisions and corporate functions to operationalize our data privacy, protection, and governance programs. You will take ownership of our data privacy governance tool, including the OneTrust Privacy Governance tool, and lead Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA) processes for new projects, assets, systems, and products. Additionally, you will oversee the day-to-day operations of the team while advancing strategic initiatives within our information governance and data privacy programs.

What’s in it for you:

• Collaborate with each division and corporate function across the enterprise.
• Be an integral part of enhancing and developing the program, working alongside executive leadership to drive our team forward.
• Take charge of your success by selecting and managing projects to completion.

Responsibilities

• Leading the implementation, integration, and management of privacy-enhancing technologies to ensure compliance with global data privacy laws.
• Overseeing the implementation of AI tools for the Data Privacy, Protection, and Governance team.
• Oversight of the Data Privacy, Protection and Governance Team’s AI governance program.
• Advising on privacy risks while working closely with IT and business teams.
• Configuring and deploying privacy tools, including OneTrust, to support compliance efforts.
• Owning and managing the Privacy Impact Assessment and Data Protection Impact Assessment processes.
• Providing data privacy compliance consultation to S&P Global business lines and corporate functions.
• Overseeing the management of the OneTrust Privacy Governance tool.
• Collaborating with procurement and third-party risk teams to assess new vendors’ abilities to comply with internal and global privacy policies and regulations.
• Assisting with the implementation and annual management of privacy compliance policies and procedures.
• Contributing to data mapping, privacy training, and incident response efforts.
• Managing other projects and duties as assigned.

Basic Qualifications

We are looking for candidates with:

• BA/BS degree in legal, Information Technology, or a related field, or equivalent technology/business management degree preferred but not required.
• Experience configuring, administering, and integrating platforms for RoPA, DSRs, cookie compliance, and data mapping.
• Advanced administrative experience with the OneTrust Governance Tool.
• Strong understanding of cookies, local storage, tracking technologies, and how they are deployed.
• Experience with Tag Managers and the ability to configure consent-based firing rules.
• Ability to implement and troubleshoot Consent Management Platforms.
• Understanding of data flows, system integrations, and APIs.
• Basic SQL, Python or scripting, including 1-3 years’ experience with JavaScript SDK and RESTful APIs.
• Familiarity with cloud platforms (AWS, Azure, GCP) and how data residency, logging, and storage work.
• Understanding of SaaS data flows and vendor integrations.
• Ability to serve as an effective liaison, bridging the legal and compliance privacy team with technical teams.
• Understanding of data privacy concepts and compliance.
• 5 or more years of applicable working experience in data privacy and protection technology management and implementation preferred.
• Excellent attention to detail with strong project management and time management skills.
• Exceptional problem-solving and cross-group collaboration skills, including conflict resolution and negotiation capabilities.
• A proactive self-starter with the ability to balance multiple tasks effectively and prioritize.
• Someone with a growth mindset that owns outcomes, follows through on commitments, meets deadlines and thrives in changing environments and adjusts quickly to new priorities.

Flexible Working:

S&P Global values agility and diversity, welcoming requests for flexible working arrangements. Flexible hours and/or remote working are usually possible for most roles. Please discuss your preferred arrangement during the interview.

Key skills/competency

• Data Privacy Laws
• Privacy-Enhancing Technologies
• OneTrust Governance Tool
• Privacy Impact Assessment (PIA)
• Data Protection Impact Assessment (DPIA)
• AI Governance
• Consent Management Platforms
• JavaScript SDK
• RESTful APIs
• Cloud Platforms (AWS, Azure, GCP)