FreshRemote.Work

Privacy and Security Manager

Remote - US

Hi, We’re AffiniPay! 

AffiniPay is a leading fintech company, based out of Austin, Texas. As the market leader in professional services payments and practice management software, AffiniPay’s tech products serve legal, accounting, architectural, engineering and construction firms. AffiniPay has been recognized as one of Inc. 5000’s fastest-growing companies in the U.S. for 11 years in a row, and as a result, our teams continue to grow as well!

We are seeking a highly skilled and experienced Privacy and Security Manager to join our team. In this role, you will be responsible for developing, implementing, and maintaining our organization's privacy and security. You will play a crucial role in safeguarding our company's sensitive information and ensuring compliance with relevant laws and regulations. The ideal candidate will possess a deep understanding of privacy and security best practices, strong analytical skills, and the ability to communicate effectively with stakeholders at all levels of the organization.

What You’ll Do

  • Develop and Implement Privacy and Security Policies: Design, implement, and enforce policies and procedures to protect the confidentiality, integrity, and availability of sensitive information, ensuring alignment with compliance requirements.
  • Risk Assessment and Management: Conduct regular risk assessments to identify potential vulnerabilities and threats to the organization's privacy and security. Develop strategies to mitigate risks and respond to security incidents in compliance with regulatory requirements.
  • Compliance Management: Stay up to date with relevant privacy and security laws, regulations, and industry standards. Ensure compliance with requirements such as PCI, GDPR, CCPA/CPRA, HIPAA, and others applicable to our organization. Develop and maintain a compliance roadmap and ensure adherence to it.
  • Security Awareness Training: Develop and deliver privacy and security awareness training programs for employees to promote a culture of security consciousness throughout the organization.
  • Vendor Management: Evaluate and manage third-party vendors and service providers to ensure they meet our privacy and security standards. Conduct due diligence assessments and monitor vendor compliance.
  • Incident Response: Partner with the VP and manager of Information Security on the response to privacy and security incidents, including investigating breaches, coordinating with relevant stakeholders, and implementing corrective actions to prevent future incidents, ensuring compliance with regulatory reporting requirements.
  • Privacy Impact Assessments (PIAs): Conduct PIAs for new projects, systems, or processes to assess and mitigate privacy risks. Work closely with cross-functional teams to integrate privacy considerations into project planning and development.
  • Data Governance: Develop and maintain data governance frameworks, including data classification, retention policies, and data access …