This role requires an individual with a sufficiently technical background, a solid understanding of data security, & a demonstrated knowledge of privacy related laws, regulations, industry standards & accreditations. The Information Security & Privacy Analyst should be well versed in evolving & integrating key privacy fundamentals in to information security programs to attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation, & tracking of technical, procedural, & policy-based items that may impact the organizations privacy protections or privacy-related compliance initiatives. This role will also be responsible for maturing the existing Data Privacy efforts, including: writing policies & documentation, conducting privacy impact assessments, preparing privacy event response planning, coordinating or conducting organization wide training on privacy principles, communicating complex topics with the CISO & the security team.
- Minimum 5 years Privacy & Information Security experience, preferably in the areas of audits & compliance initiatives
- Provide privacy leading practice guidance to senior & business unit leaders
- Advocate for key privacy & governmental affairs issues
- Ensure all policies, procedures, systems, & standards of conduct are compliant with governmental statutes, rules, & regulations as relates to corporate privacy & other key compliance areas
- Oversee & monitor all corporate privacy programs, including maintenance & audits
- Serve as a liaison with Corporate Legal to prioritize & assist with contract negotiations, contract completion, & other legal matters related to privacy
- Comprehensive knowledge of information security principles, protocols, practices & industry standards
- Responsible for the performance of assigned audit reviews.
- Assist in evaluating managements responses to proposed recommendations for improvement of process/control environment.
- Provides oversight for the establishment, implementation & adherence to policies & standards that guide & support the privacy terms of the information security strategy
- Comprehensive knowledge of ISO 27001, GDPR & PCI DSS.
- Strong understanding of audits, risk & compliance
- Excellent collaborative & influencing skills
- Strong program management, project management, & execution & delivery oversight
- Attention to detail around controls, metrics, accountability & operational excellence
- Excellent technical writing & communication skills
- Excellent research & analytical skills
- Proficient with office tools & technologies such as Word, Excel, VBA, PowerPoint & Visio
- Bachelors degree in Computer Science, Information Technology, Business, Law or similar related area of study required
- Must have at least one of these certifications CIPM, CIPP, CISA, CISM or similar
- Extensive privacy laws knowledge including international regulations
- Skilled in the development of processes & programs
- Experience working with & presenting technical issues to senior leadership
- Experience with privacy & security compliance testing
- Previous experience at a startup
- Strong global acumen (experienced in working with international teams)
- Strong desire to learn (especially data science concepts)
- Skilled at creative problem solving & breaking problems into achievable parts
- Skilled at collaborating closely with team members
- Previous technical leadership experience
- Self-Starter, strategic thinker, negotiator, & consensus builder