|Date Posted||November 27, 2019|
Contract to Hire
Summary of Role
Reporting to the Director, Privacy & Regulatory Compliance, this position is part of ***'s Global Information Security organization. The Privacy & Regulatory Compliance analyst is a vital role in the implementation of the Data Privacy program and regulatory initiatives. This position involves working with teams across the organization to understand and assess Data Privacy and access regulatory compliance requirements impacting ***.
This role will assist in the facilitation of the organization's compliance regulatory requirements, such as but not limited to General Data Protection Regulation (GDPR), New York Department of Financial Services (NYDFS), Payment Card Industry-Data Security Standards (PCI-DSS), Health Insurance Portability and Accountability (HIPAA), and California Consumer Privacy Act (CCPA). Moreover, this role will be required to assist in the development of Data Privacy governance and necessary elements to implement execution & control, program management & oversight and independent assurance.
• Assist in the annual review of Compliance and Privacy programs include process and standards, policy and policy review, audit calendar and other annual requirements as needed.
• Conducts Privacy Impact Assessments of identified applications and/or business processes identified as in-scope for GDPR and/or other Data Privacy and regulatory/compliance areas, including but not limited to development and completion of action plans to address findings.
• Participates in developing and implementing action plans to maintain compliance with internal and external regulatory bodies.
• Provide guidance during development of internal systems used by the business to ensure appropriate compensating controls are in-place for ongoing compliance.
• Assists in the monitoring and investigations of operational issues relating to compliance matters or items resulting from Data Privacy Impact Assessments.
• Utilizes tools to assess Data Privacy and Regulatory Compliance related matters as it pertains to *** and the organizations privacy and compliance requirements.
• Technical acumen to manage and enhance enterprise Data Privacy tools and solutions.
• Assists in the development and provides privacy training and communications to address a variety of privacy issues and programs.
• Assist with the identification of process improvements focusing on continuous improvement to move from manual to automated processes pertaining to security/data privacy controls.
• Provide appropriate reports and updates to GIS management on data privacy matters and assist with the creation/development of appropriate tracking metrics.
• Additional responsibilities as required.
• Bachelor's degree in a business-oriented or related discipline.
• Working knowledge of common IS security regulations and standards, such as ISO/IEC 27001 and 27002, FISMA, the NIST Cybersecurity Framework and NIST Special Security Publications and AICPA SOC2 required.
• Three or more years of experience conducting security control assessments or IT audits
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), and other applicable certifications preferred.
• Experience in the areas of risk analysis and data, information and application security management, IT security standards and best practices, and privacy and security legislation.
• Strong analytical and problem-solving skills, strategic, innovative and creative thinking with ability to assist in developing best practices.
• Strong technical ability and previous server and networking experience.
• Strong verbal and written communication skills with the ability to communicate cybersecurity related concepts to a broad range of technical and non-technical staff.
• Must demonstrate proficiency in the areas of HIPAA, NYDFS, Sarbanes-Oxley, and PCI-DSS controls and regulatory standards.
• Networking and relationship building skills.
• Ability to work independently, in a team setting.
• A high level of initiative.
• Willingness to travel as required.