Privacy Analyst

Location: Grapevine, TX, United States
Date Posted: 01-25-2019
SCOPE OF POSITION: This position will support the Sr. Manager, Information Security Systems, Data and Privacy in developing and maintaining a comprehensive enterprise-wide privacy program.  The Privacy Analyst will lead several efforts pertaining to privacy governance, data collection practices, and administrative security.  The Privacy Analyst will also be responsible for supporting privacy-related procurement and overseeing vendor management activities.   
KEY RESPONSIBILITIES:  The Privacy Analyst will be tasked with the following responsibilities/duties, all in accordance with applicable Federal, State and local laws / regulations as well as ratified policies, procedures, and guidelines: 
  • Serving as the central point of contact for all privacy and compliance activities.
  • Coordinating with 3rd party auditors and assessors to ensure timely and successful completion of audits.
  • Serving as a subject matter expert (SME) on control standards such as NIST 800-53, 800-66, and 800-171, as well as regulations such as HIPAA, FERPA, GDPR, FedRAMP and FISMA.
  • Creating and maintaining internal documentation repositories for all compliance activities. 
  • Reviewing documentation and artifacts related to compliance activities.
  • Creating, maintaining, and enhancing the privacy program, partnering with various departments in continuous policy development and maintenance related to Enterprise Privacy Management and Information Security mandates and concerns, as well as overseeing and executing compliance and advocacy enhancement initiatives.
  • Supporting privacy training programs and related strategic outreach and communication efforts.
  • Assisting in regulatory reviews, data protection audits, and privacy reviews.
  • Communicating with internal teams affected by new laws and regulations, and monitoring to ensure that necessary changes to policies and procedures are made.
  • Serving as an internal expert resource for privacy compliance.
  • Managing identification and rollout of scalable technologies to support global privacy compliance, including developing usage policies and guidelines, as well as audit and control processes.
  • Executing data mapping & data classification exercises in conjunction with company departments and data owners.
  • Conducting authorization/privilege audits for roles and accounts within vital legacy and new enterprise applications.
  • Conducting data & privacy impact analysis for legacy & new enterprise applications.
  • Performing other similar duties as assigned/required including. 
  • Bachelor’s degree or equivalent work experience required. 
  • Minimum of 5 to 7 years of relevant experience in a consumer finance environment.
  • 3-5 years of privacy or security experience. 
  • Certifications such as CIPP, CIPM, CIPT, CISA, or CRISC strongly preferred and highly desirable; willingness to obtain a relevant certification within 1 year of employment would be ideal.
  • Strong understanding of U.S. privacy and security regulations. Experience with privacy and security frameworks such as GAPP, ISO 27000, NIST-SP, COBIT and SSAE18, etc.
  • Understanding of “role-based access” and “segregation of duties” protocols.
  • Strong business acumen with the ability to assess risk across a wide range of operational processes.
  • Experience supporting/interpreting 3rd party risk assessments and privacy compliance activities.
  • Strong experience with privacy-related contract review and vendor management processes.
  • Ability to work independently with minimal direction.
  • Strong written and oral communication skills.
  • Strong Microsoft Office skills.
  • Experience with Incident Response and Business Continuity Planning / Disaster Recovery Planning. 