The Security Compliance Analyst (Privacy) will be responsible for ensuring that our systems, applications and business process are compliant with emerging privacy regulations such as CCPA, GDPR, HIPAA etc.
Job Duties/Essential Functions:
● Understands and documents complex records of personal processing activities across the enterprise.
● Applies established Privacy scoping criteria.
● Obtains and reviews evidence of compliance to support technical or complex SOX control requirements.
● Conducts technical activities on privacy management including privacy impact assessment, analysis, drafting remediation plans.
● Drives necessary system and process updates.
● Scopes, interprets, and prioritizes both privacy control requirements, controls testing for completeness and accuracy.
● Manages and communicates key compliance milestones for critical systems and complex processes.
● Facilitates interaction between the business and our internal and external assessors and auditors.
● Consults on complex privacy considerations and requirements for architecture, systems design, application design and data lifecycle management.
● Works closely with cross-functional teams and develop strong liaison relationships.
● Stays current with new and evolving security, compliance, privacy topics and technologies via formal training and self-directed education.
● Willingly shares knowledge and experiences with less experienced staff to help grow team talent bench through training and mentoring.
● Regular and reliable workplace attendance at your assigned location.
Ability to operate vehicles, equipment or machinery.
● Computer, phone, printer, copier, fax.
Experience, Skills, Education & Licenses/Certifications Required:
● Service delivery experience in an enterprise environment.
● Privacy knowledge base including but not limited to understanding GDPR and CCPA legislation.
● Understanding of ServiceNow Platform CSM module, ticketing system modules and related capabilities.
● Demonstrated interest in privacy and data protection.
● Understand and able to draw inference on the data mapping and flow (ROPA - Records of processing).
● Collaborate effectively with a diverse range of internal stakeholders including IS stakeholders.
● Ability to work with multiple inter-disciplinary teams.
● Troubleshooting skills for system integration including ServiceNow, websites, databases, APIs.
● Management of technical activities including data discovery, analysis, generation, masking, subsetting, validation, defect resolution, refresh, archival, and purge.
● Problem solving ability to delete, anonymize or mask data ability to work with database administrators and application teams.
● Interact with technical teams to stay involved and abreast of current and emerging technologies and regulations in Privacy space.
● Bachelor's degree or equivalent experience required.
● Successful internal candidates will have spent one year or more on their current team.