Information Security Privacy Analyst
This role requires an individual with a sufficiently technical background, a solid understanding of data security, and demonstrated knowledge of privacy-related laws, regulations, industry standards and accreditations. The Information Security & Privacy Analyst should be well versed in evolving and integrating key privacy fundamentals into information security programs to attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation, and tracking of technical, procedural, and policy-based items that may impact the organization’s privacy protections or privacy-related compliance initiatives. This role will also be responsible for maturing the existing Data Privacy efforts, including: writing policies and documentation, conducting privacy impact assessments, preparing privacy event response planning, coordinating or conducting organization-wide training on privacy principles, and communicating complex topics with the CISO and the security team.
- Minimum 5 years Privacy and Information Security experience, preferably in the areas of audits and compliance initiatives
- Provide privacy leading practice guidance to senior and business unit leaders
- Advocate for key privacy & governmental affairs issues
- Ensure all policies, procedures, systems, and standards of conduct are compliant with governmental statutes, rules, and regulations as they relate to corporate privacy and other key compliance areas
- Oversee and monitor all corporate privacy programs, including maintenance and audits
- Serve as a liaison with Corporate Legal to prioritize and assist with contract negotiations, contract completion, and other legal matters related to privacy
- Comprehensive knowledge of information security principles, protocols, practices and industry standards
- Responsible for the performance of assigned audit reviews.
- Assist in evaluating management’s responses to proposed recommendations for improvement of process/control environment.
- Provides oversight for the establishment, implementation and adherence to policies and standards that guide and support the privacy terms of the information security strategy
- Comprehensive knowledge of ISO 27001, GDPR and PCI DSS.
- Strong understanding of audits, risk and compliance
- Excellent collaborative and influencing skills
- Strong program management, project management, and execution and delivery oversight
- Attention to detail around controls, metrics, accountability and operational excellence
- Excellent technical writing and communication skills
- Excellent research and analytical skills
- Proficient with office tools and technologies such as Word, Excel, VBA, PowerPoint and Visio
- Bachelor’s degree in Computer Science, Information Technology, Business, Law or similar related area of study required
- Must have at least one of these certifications: CIPM, CIPP, CISA, CISM or similar
- Extensive privacy laws knowledge including international regulations
- Skilled in the development of processes and programs
- Experience working with and presenting technical issues to senior leadership
- Experience with privacy and security compliance testing
- Previous experience at a startup
- Strong global acumen (experienced in working with international teams)
- Strong desire to learn (especially data science concepts)
- Skilled at creative problem solving and breaking problems into achievable parts
- Skilled at collaborating closely with team members
- Previous technical leadership experience
- Self-starter, strategic thinker, negotiator, and consensus builder