Since our founding in 1919, The New School (TNS) has redrawn and redefined the boundaries of intellectual and creative thought as a preeminent academic center. Our rigorous, multidimensional approach to education dissolves walls between disciplines and helps nurture progressive minds. At our university, students have the academic freedom to shape their unique, individual paths for a complex and rapidly changing world. Our colleges include Parsons School of Design, Eugene Lang College of Liberal Arts, the College of Performing Arts, The New School for Social Research, the Schools of Public Engagement, and Parsons Paris.

Working at The New School comes with several unique benefits including a generous time off policy and a tuition benefit for employees and their dependents.

The New School seeks an experienced, service-oriented Privacy Engineer to lead the design, development, implementation, and operation of The New School’s privacy solutions to safeguard personal information used by The New School and ensure that the university complies with applicable data privacy laws and does not violate the privacy rights of individuals.

Modern privacy laws and regulations require that IT systems, networks, and applications implement privacy by design and by default. This position will be responsible for working with software developers, system and network engineers, application and database administrators, and project managers to help them build data protection and information security measures into new and existing data processing environments. This position will report to the Director of Information Security.

Major Responsibilities

  • Participate in the performance of a university-wide information audit (data inventory and dataflow analysis) to identify the personal data held by the university, and the design and implementation of processes and procedures to keep the inventory and dataflow records current.
  • Lead the design, development, and implementation of a Data Protection Impact Assessment (DPIA) process, with a focus on the portion of the process that identifies technological measures to address risks to the rights and freedoms of data subjects, including safeguards, security measures, and mechanisms to ensure the protection of personal data.
  • Work with software developers, system and network engineers, and application and database administrators to review their designs and implementations and verify that they (a) support the privacy and data protection requirements of university business processes and procedures and (b) implement necessary and appropriate data protection (information security) safeguards. Identify gaps and contribute to the development of project plan(s) to close the gaps and meet the data protection requirements set forth by applicable national and international data privacy and security laws and regulations.
  • Lead the design, development, and implementation of information technology solutions to support the response to data subject rights requests, including access and rectification, data portability, right to withdraw consent, right to object, right to be forgotten, right to restriction of processing and not to be subject to automated decision-making and profiling.
  • Provide advice and guidance to software developers, system and network engineers, application and database administrators, and project managers about the privacy and data protection requirements of current and new laws and regulations.
  • Contribute to the development and delivery of initial and ongoing training on technology-related privacy topics to IT personnel.
  • Participate in the investigation of and response to privacy complaints and privacy related incidents.
  • Maintain current knowledge of applicable state, federal, and international privacy and data protection laws and regulations.
  • Collaborate with the privacy compliance lead to design, build, and implement the privacy and security quality management system.
  • Collaborate across the university to enable the New School Privacy program.

Minimum Qualifications:

  • Working knowledge of data protection laws and practices (including GDPR, GLBA, and FERPA) that aligns with The New School’s data processing operations and level of data protection required for the personal data processed by data controllers and data processors.
  • Strong technical understanding of encryption, pseudonymization, anonymization, and tokenization algorithms, technologies, and methods.
  • Working knowledge of ISO 27000 series of standards.
  • Hands-on programming experience in major languages, e.g., Java, C/C++, Python, PHP, etc.
  • Technical working knowledge of Windows Server and Linux operating systems, Java EE/ASP.NET application design, RESTful APIs and SOAP web services, RDBMS and NOSQL databases (Oracle, MSSQL, MySQL, Mongo DB).
  • Prior employment in a privacy- or information security-related role with experience in risk assessment, control selection, and control implementation.
  • Demonstrated ability to use superior judgment and discretion in dealing with sensitive and confidential information.
  • Comfortable working on teams comprised of technical and non-technical members, as well as able to work independently with minimal supervision.
  • Self-directed and detail-oriented, with excellent problem-solving skills and a record of solving complex problems.
  • Ability to see a project through from start to finish, including analysis, design, planning, testing, and implementation.
  • Good written and oral communication skills, including the ability to explain complex technical issues to non-technical individuals.
  • Excellent documentation skills and the willingness to use them.
  • Bachelor’s degree.

Preferred Qualifications:

  • Familiarity with Ellucian Banner, Workday, Starfish, Canvas, and other software solutions used in the higher education market.
  • Knowledge of cloud platforms (Amazon AWS, Microsoft Azure) and the capabilities of their specific products and services a plus.
  • Familiarity with HIPAA security and privacy requirements.
  • IAPP CIPM/CIPT, ISC2 CISSP, and/or ISACA CISA certifications a plus.