About The Position

CarMax is seeking an Analyst II, Information Risk Management to maintain and enhance the company's Information Risk Management posture. This role is crucial for a fast-paced company leveraging technology to improve the car buying experience. The Analyst II, Information Risk Management is an individual contributor within the CarMax Information Security Organization, focusing on planning and executing critical risk and privacy operations and initiatives. The goal is to ensure continuous privacy operations, modernize control methodologies through automation and artificial intelligence, and streamline privacy assessments to improve the program’s efficiency and effectiveness. This is an opportunity to work at a Fortune 200 company and national brand, expanding skills and influencing a growing Technology Program. The role will partner across Business and Technology teams to design, implement, and manage privacy operations practices, ensuring CarMax effectively assesses and mitigates risk to company and customer data. The successful candidate will utilize strengths in privacy operations execution and drive continuous improvement through process optimization, automation, and AI for streamlined efficiency.

Requirements

  • Bachelor’s degree in business / computer science / information systems (or related)
  • 2+ years working experience in privacy, technology compliance, IT Audit, cybersecurity, or related experience.
  • One or more privacy-focused certifications such as CIPP, CIPM, CIPT, CIA, CRSC, CISA.
  • Experience or familiarity with relevant U.S. legal frameworks and privacy regulations such as CCPA, GLBA, PCI, NYDFS, CFPB.
  • Detail oriented – Possess a keen eye for detail and accuracy in all operations.
  • Leverage defined, repeatable methods for managing work and communicating progress and priority.
  • Analytical approach – Ability to perform data analysis and trending, problem solve obstacles and find alternative ways to meet and achieve privacy goals.
  • Ability to understand and implement information risk and privacy principles across disciplines.
  • Apply a risk-based approach to analysis in a fast-paced, rapidly evolving environment.
  • Customer Focus – Ability to provide exceptional customer service for our internal partners, with a mindset for understanding their needs and consistently finding ways to exceed expectations.
  • Communication – Excellent verbal and written communication skills, with the ability to structure and deliver clear, accurate messaging.
  • Ability to create and present concepts to various audiences, facilitate discussion with diplomacy while seeking diverse opinions to reach consensus.
  • Collaboration – Strong emphasis on effective relationship building and partnership.
  • Demonstrate initiative, ownership, and a service-oriented mindset in all interactions.

Responsibilities

  • Facilitate and support regulatory and privacy operations for the company to ensure an effective and compliant posture.
  • Serve as the conduit between the business community, Privacy core team, technology, and application development teams.
  • Manage the intake, analysis, and completion of privacy requests.
  • Facilitate all operational aspects of the privacy lifecycle, including coordinating with technology teams to capture, assess, and process data subject access requests (DSARs) in a timely and accurate manner.
  • Implement, execute, and measure the privacy program and related services consistently and effectively using service delivery principles.
  • Prepare and deliver regular program updates with KPIs that illustrate volumes, trends, and risk areas to stakeholders.
  • Maintain appropriate work management practices and backlogs to meet or exceed SLAs.
  • Identify and implement opportunities to simplify and strengthen privacy risk management processes and capabilities using process analysis, automation, and AI.
  • Utilize standalone and integrated platforms in daily operations and perform system improvements and administration.
  • Facilitate ongoing data privacy assessments of internal systems to effectively manage data sensitivity risk across the enterprise.
  • Own and manage the technology and information security focused guidance to ensure all policies, procedures, standards, and job aids remain current, published, and available for associates.
  • Document and maintain clear, effective reference documentation (playbooks, processes, job aids, technical diagrams) as an internal knowledgebase and for ease of customer experience.
  • Participate in related strategic and tactical projects as necessary to mature the privacy operations function.
  • Exhibit ownership, follow-through, initiative, awareness, and effective communication with peers and management.
  • Speak to details of privacy operations.
  • Maintain a strong knowledge base and awareness of industry and technological trends, and of new or changed external regulatory requirements within privacy and technology for core processes (e.g., NIST, PCI, ITIL, data privacy, etc.).