As the Senior Data Privacy and Compliance Analyst, you will be responsible for the compliance needs and activities for the entire organization. You will be expected to work with our IT teams, legal, and business units to set-up and manage the data privacy standards for the organization. You will also be responsible for Risk mitigation management, and global policy management. This position reports to the Director of Information Security.
- Overall administration and management for ongoing company compliance with
- HIPAA * Manage the design, implementation, maintenance, and enforcement of privacy policies, procedures, and controls.
- Identify technological opportunities and evaluate the information security and privacy impacts on clients’ business
- Oversee Vulnerability and Threat Management
- Perform Risk Assessment and recommending risk mitigation strategies
- Manage security incident response operations across all business units, according to documented procedures and industry best practices
- Manage information security awareness and training
- Third Party Vendor Management utilizing SIG assessment tools
- Management and completion of client-based security assessments and audits
- Up to 20% travel domestically and internationally will be required for this role
- Bachelor’s degree in Computer Science, Information Security or related major or commensurate work experience
- 5+ years working experience in data privacy and /or IT Compliance
- Experience in accessing and managing cyber risk.
- Thorough knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy for GDPR and EU Data Protection, PCI-DSS, SSAE18, and HIPAA
- Knowledge and experience working with data encryption technologies.
- Experience with Application Security & Application Penetration Testing
- Experience in cybersecurity frameworks such as NIST, COBIT, ISO
- Experience with Business Continuity testing and planning
- Advanced knowledge of working in environments that adhere to regulatory compliance (PCI-DSS, SSAE-18, HIPAA, etc.,)
- Advanced knowledge of Incident response handling for security incidents
- Experience with Veracode or similar secure application testing software
- Experience designing data privacy controls for GDPR for locations residing outside the USA.
- Experience or understanding of Data Protection Authority is preferable.
- Experience with Privacy Shield self-certification and is a plus.
- Security Certifications preferred but not limited to:
- Certified Information Systems Security Professional – (CISSP)
- Certified Information Systems Auditor – (CISA)
- Certified Information Security Manager – (CISM)
- Data Protection or Data Privacy Certification(s)
- Manage individual workload and deliver to agreed-upon timelines
- Excellent analytical and organizational skills and attention to detail
- Outstanding customer service skills
- Demonstrate the ability to work in a team environment
- Excellent written and verbal communication skills
Job Types: Full-time, Permanent
- IT Compliance: 5 years (Required)
- data privacy: 5 years (Required)
- English (Required)