Overview
The Cyber Security Privacy Analyst will play a pivotal role in ensuring the effectiveness, compliance, and continuous improvement of our cyber security privacy program. This position requires a comprehensive understanding of information security & privacy frameworks, privacy regulations, and best practices to support our organization's strategic objectives and mitigate risks.
Key Responsibilities:
· Develop, implement, and maintain information security privacy policies, procedures, and standards in alignment with industry regulations and best practices.
· Conduct regular assessments and audits of privacy controls to identify gaps, vulnerabilities, and areas for improvement.
· Collaborate with cross-functional teams to define and document security and privacy requirements for new systems, applications, and processes.
· Assist in the development and execution of security and privacy awareness and training programs for employees to promote a culture of compliance and risk mitigation.
· Monitor regulatory developments and industry trends related to information security and privacy to ensure ongoing compliance and adaptation of policies and procedures.
· Participate in incident response activities related to information security and privacy incidents, including investigations, remediation, and reporting as necessary.
· Serve as a subject matter expert on information security privacy matters, providing guidance and support to internal stakeholders and business units.
· Coordinate with external auditors and regulators during compliance assessments and audits, providing documentation and evidence as required.
· Support the implementation and maintenance of security and privacy-related technologies and tools, such as data loss prevention (DLP) and identity and access management (IAM) systems.
· Collaborate with legal and compliance teams to ensure contractual agreements and vendor relationships comply with applicable information security and privacy requirements.
Education
• Bachelor’s degree in Information Security, Computer Science, Legal Studies, or a related field (preferred).
Certification/Licensure
• Professional certifications such as CIPP/E, CIPP/US, CISSP, CISM, or equivalent preferred.
Experience
• Minimum of 5 years of experience in cyber security privacy, cyber governance, compliance, or related roles with a bachelor's degree.
• Minimum of 7 years total experience in cyber security privacy, cyber governance, compliance, or related roles without a bachelor's degree.
• In-depth understanding of information security frameworks (e.g., ISO 27001, NIST Cybersecurity Framework) and privacy regulations (e.g., HIPAA Privacy Rule, ISO 27701).
• Experience conducting security and privacy risk assessments, audits, and compliance reviews.
• Excellent communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail and the ability to prioritize tasks effectively.
• Ability to work independently and collaboratively within a team environment.
• Experience working with privacy-enhancing technologies and tools is a plus.
• Self-starter: owns the role, understands next steps, and proactively takes them.