Vacancy expired!
- The Data Privacy Analyst will be tasked with the following responsibilities/duties, all in accordance with applicable Federal, State and local laws / regulations as well as company policies, procedures, and guidelines:
- Serving as the central point of contact for all privacy and compliance activities.
- Coordinating with 3rd party auditors and assessors to ensure timely and successful completion of audits.
- Serving as a subject matter expert (SME) on controls standards such as NIST Privacy Framework, CSF, 800-53, and 800-171; as well as regulations such as NYDFS, CCPA, CPRA, CDPA, GDPR, FedRAMP and FISMA.
- Creating and maintaining internal documentation repositories for all compliance activities.
- Reviewing documentation and artifacts related to compliance activities.
- Creating, maintaining, and enhancing the privacy program, partnering with various departments in continuous policy development and maintenance related to Privacy concerns and as well as overseeing and executing compliance and advocacy enhancement initiatives.
- Supporting privacy training programs and related strategic outreach and communication efforts.
- Support the development and implementation of Vendor Risk Management policies, procedures, and programs with a focus on maintaining Information Security and Privacy Management standards and policy objectives.
- Partner with "third-party" relationship owners and the CMO/VMO to help ensure that third-party selection and management processes are consistently followed by adhering to due diligence and compliance standards for current and prospective vendors.
- Coordinate with Security and IT department managers to analyze and attest to the adequacy of control measures in place with third-party partners by reviewing SOC I and SOC II reports or equivalent supporting documentation.
- Promote and practice strong collaboration with business units in the areas of vendor risk from an implementation, assessment, and training perspective.
- Assisting in regulatory reviews, data protection audits, and privacy reviews
- Communicating with internal teams affected by new laws and regulations and monitors to assure that necessary changes to policies and procedures are made.
- Serving as an internal expert resource for privacy compliance.
- Managing identification and rollout of scalable technologies to support global privacy compliance, including developing usage policies and guidelines, as well as audit and control processes.
- Execute data mapping & data classification exercises in conjunction with company departments and data owners.
- Conduct authorization/ privilege audits for roles and accounts within vital legacy and new enterprise applications.
- Conduct data & privacy impact analysis for legacy & new enterprise applications.
- 3+ years of privacy experience.
- Certifications such as CIPP, CIPM, CIPT, CISA, CRISC strongly preferred & highly desirable or willingness to obtain relevant certification within 1 year of employment would be ideal.
- Strong understanding of U.S. privacy and security regulations.
- Experience with privacy and security frameworks such as GAPP, ISO 27000, NIST-SP, COBIT and SSAE18, etc.
- Understanding of "role-based access" and "segregation of duties" protocols.
- Strong business acumen with the ability to assess risk across a wide range of operational processes.
- Experience supporting/interpreting 3rd party risk assessments and privacy compliance activities.
- Strong experience with privacy-related contract review and vendor management processes.
- Experience with Incident Response and Business Continuity Planning / Disaster Recovery Planning.
Vacancy expired!