The Data Protection and Privacy analyst role is responsible for assisting the Director, IT Data Protection and Privacy in the execution of the global data protection and privacy program and standardization of security controls necessary for compliance with data privacy/protection regulations as well as contract obligations. This role helps drive data security efforts by empowering IT operations and project teams with enterprise data security policies, technology standards, industry regulation guidance, awareness campaigns, and best practices.
- Execute procedures for vetting and auditing vendors for compliance with privacy and data security policies and legal requirements
- Perform impact assessments when the organization creates or changes procedures for handling confidential data or as applicable regulations require
- Examine data security controls, identify data privacy protection gaps, and advise necessary remediation
- Develop, maintain and update Data Governance Policy, related standards and documentation
- Assist with the development and execution of privacy and data protection control testing and reporting; proactively devise solutions to any privacy issues found in testing
- Education: Bachelor’s Degree in Business, Accounting, Information Technology, or other quantitative discipline.
- 4+ years of broad privacy and data protection, information security, compliance or legal experience working for a multi-national organization
- 2+ years online retail experience
- 2+ years of assessment experience
- Sound understanding of security principles, such as logical access controls, change control, least privilege, segregation of duties, computer operations, identity and access management, network security, vulnerability management, and secure coding.
- General to intermediate understanding of data protection regulations and standards (e.g., Safe Harbor/Privacy Shield, EU Data Protection Directive, EU Directive 95/46/EC, EU Cookie Law, etc.).
- Strong technology acumen and the ability to assess data privacy gaps in products/services design
- Sound understanding of information security governance frameworks and related controls
- Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL, CSC20, COBIT and National Institute of Standards and Technology (NIST) frameworks
- Broad technical understanding of data management platforms (e.g., IBM DB2, Oracle, Microsoft SQL Server, etc.) and associated data security controls.
- Familiar with global, national and state privacy rules and regulations including regulatory agency requirements
- Familiar with assessing data protection and privacy contract terms
- Expert understanding of data classification, data protection, and data retention standards and practices.
- Familiarity with common enterprise, web, and mobile application technologies
- Familiarity with developing privacy and information security training programs
- Ability to maintain a high degree of confidentiality
- Strong analytical and time management skills
- Ability to adapt quickly to a rapidly changing environment
- Available to travel up to 20%
- Certified Information Privacy Professional (CIPP)
- Industry Standard Security certifications including: SANS, CEH, CISA, CISM, CISSP, and CSSLP
- Certified Information Security Auditor (CISA)
Job Type: Contract
Salary: $45.00 to $65.00 /hour
- Information Security: 3 years (Required)
- Information Privacy: 3 years (Required)
Full Time Opportunity: