The Data Protection Manager, AI (DPMAI) reviews and advises on compliance aspects and risks of technical solutions that process personal data and involve artificial intelligence, machine learning, or automated decision making (including, but not limited to GenAI-based solutions).
The DPMAI adds technical AI expertise as well as in-depth knowledge of applicable laws, regulations and guidance to BCG's Data Protection Office and collaborates closely with the DP Office members, Information Security Architects, case teams and functional teams. Activities include consultation, initial assessments, risk and compliance assessments of IT systems, both data protection and data transfer impact assessments, development and review of policies and risk mitigation measures.
The ideal candidate has a background in information security or information technology and data protection with work experience in a data protection team, preferably in a multinational professional services environment.
YOU'RE GOOD AT Responsibility for assessment of applications and services with AI components (Ensuring GDPR, CCPA and other data protection compliance requirements)
Identify privacy risks and translate to scalable, pragmatic controls for data collection, storage, access, usage, and deletion, in an AI context
Establishing and maintaining guidelines for technical teams and case teams that ensure compliance of technical and organizational data protection measures, including, but not limited to the use of personal data for training and application of AI, security-by-design, privacy-by-default, data minimization, anonymization or pseudonymization
Execution of Data Transfer Impact Assessments and Data Protection Impact Assessments
Audits of data protection controls (both technical and procedural)
YOU BRING (EXPERIENCE & QUALIFICATIONS) The ideal candidate will have knowledge of data protection laws, regulations, and guidance (e.g., GDPR, DPA 2018, ePrivacy Regulation, CCPA, LGPD), and an IAPP or other certifications.
Solid understanding of neural networks and machine learning technologies, including concepts of bias, hallucination and drift
Existing knowledge of AI related regulations and guidance documents and the willingness and ability to keep this knowledge updated
Experience in carrying out data protection impact assessments
Demonstrable IS and IT skills, including software development skills (e.g., Python, C# or C++)
Experience with Agile methodologies and product development frameworks
Work experience in a multinational organization
Ability to research and distil information to solve complex commercial data issues
Ability to handle information and business affairs with secrecy and confidentiality as appropriate
Proven ability to complete tasks and to effectively manage multiple priorities under time pressure
Strong communication skills, both written and verbal; fluent in English
Excellent academic credentials
Role requires occasional (<5%) travel to office and Global Services hub locations.
#J-18808-Ljbffr