Data Privacy Analyst

About The Position

Requirements

• Bachelor’s degree in Information Security, Privacy, Law, Business, Computer Science, or related field, or equivalent professional experience.
• 2–5 years of experience in data privacy, compliance, governance, or cybersecurity programs.
• Familiarity with U.S. state privacy regulations such as CCPA/CPRA and other emerging privacy frameworks.
• Experience managing DSAR processes, privacy impact assessments, or data mapping initiatives.
• Experience working with cross-functional stakeholders including legal, IT, and business units.
• Strong understanding of data privacy principles, regulatory requirements, and risk management practices.
• Ability to analyze complex regulatory requirements and translate them into practical operational controls.
• Excellent organizational and project management skills.
• Strong written and verbal communication skills with the ability to explain privacy concepts to non-technical stakeholders.
• Detail-oriented with strong analytical and problem-solving abilities.
• Ability to work independently while collaborating across diverse teams.

Nice To Haves

• Experience in hospitality, retail, or consumer-facing industries where large volumes of consumer data are processed.
• Experience working with privacy management platforms or consent management tools (e.g., OneTrust, TrustArc, BigID, Securiti).
• Certified Information Privacy Professional (CIPP/US)
• Certified Information Privacy Manager (CIPM)
• Certified Information Systems Security Professional (CISSP) or related certification

Responsibilities

• Privacy Compliance & Governance Monitor and interpret evolving data privacy regulations including CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, Florida Digital Bill of Rights, and other emerging state privacy laws.
• Assist in the development, maintenance, and operationalization of the organization’s data privacy program, policies, and procedures.
• Conduct privacy risk assessments and support Privacy Impact Assessments (PIAs) or Data Protection Impact Assessments (DPIAs) for new initiatives involving personal data.
• Maintain and update data inventories and data flow mappings to ensure visibility into how personal data is collected, stored, processed, and shared.
• Coordinate and manage Data Subject Access Requests (DSARs) and other consumer rights requests including access, deletion, correction, and opt-out requests.
• Work with internal stakeholders to ensure timely and compliant responses within statutory timelines.
• Maintain documentation and reporting related to privacy requests and regulatory obligations.
• Conduct vendor privacy reviews and assessments to evaluate third-party data protection practices.
• Support contract reviews and assist Legal in ensuring appropriate data protection and privacy clauses are included in vendor agreements.
• Monitor vendor compliance with data protection requirements and coordinate remediation efforts where necessary.
• Collaborate with IT, Marketing, HR, Product, and Digital teams to integrate privacy considerations into new technologies, campaigns, and business initiatives.
• Provide guidance on data minimization, consent management, retention policies, and responsible data use.
• Support implementation and operational management of privacy technology platforms (e.g., consent management, DSAR workflow tools, data discovery solutions).
• Track privacy program metrics, including DSAR volumes, response times, and vendor assessment outcomes.
• Prepare reports for leadership on privacy compliance posture, risks, and program maturity.
• Assist in developing and delivering privacy training and awareness programs for employees.