Privacy Analyst

About The Position

Requirements

• Six (6) or more years of experience in public policy, regulatory compliance, or legal roles involving financial services, data privacy, data protection, cybersecurity, or cybercrime.
• Strong understanding of legal, regulatory compliance, and/or public policy issues related to data privacy, data protection, and cybersecurity.
• Foundational knowledge of current privacy laws, regulations, and principles, with a demonstrated ability and willingness to learn and adapt in a rapidly evolving regulatory environment.
• Excellent written, verbal, and listening communication skills, with the ability to engage effectively across all levels of the organization.
• Strong analytical, problem‑solving, and decision‑making skills, with the ability to manage multiple priorities and workstreams simultaneously.
• Demonstrated ability to build and maintain effective working relationships with internal and external stakeholders.
• High degree of integrity, judgment, and objectivity when balancing business objectives with risk and compliance considerations.
• Proficiency with Microsoft Office applications and strong general computer skills.
• Exceptional attention to detail and organizational skills.
• Ability to work independently as well as collaboratively within cross‑functional teams.
• Flexibility and adaptability in a dynamic and changing environment.

Responsibilities

• Triage, scope, and respond to branch office privacy and data incidents, coordinating with Compliance, Information Security, Legal, and business stakeholders.
• Perform privacy and breach analysis of incidents and determine notification obligations under GLBA, Regulation S‑P, and applicable state privacy laws.
• Draft and support delivery of client, consumer, and regulatory breach notifications, when required.
• Monitor and respond to the firm’s Privacy inbox, serving as the lead for privacy-related inquiries.
• Respond to privacy-specific consumer complaints, coordinating with Compliance if appropriate.
• Maintain documentation and evidence to support defensible privacy decision-making.
• Maintain and fulfill privacy and data subject access rights requests, including requests under Regulation S‑P and applicable state privacy laws.
• Coordinate request intake, validation, scoping, response preparation, and tracking within required timeframes.
• Help operationalize privacy obligations under GLBA, SEC Regulation S‑P, CPRA/CCPA and other state privacy laws, and related regulatory guidance.
• Support responses to SEC, FINRA, and state regulatory examinations, internal audits, and compliance reviews involving data protection and privacy controls.
• Support critical privacy functions, including privacy by design, privacy impact assessments (PIAs/DPIAs), and risk assessments for new systems, vendors, and initiatives.
• Participate directly in privacy-related strategic initiatives, including enhancements to privacy governance, advisor oversight, vendor risk management, and emerging technology controls.
• Perform other duties as assigned in support of the enterprise privacy program.

Benefits

• health
• vision
• dental insurance
• 401k
• paid time away
• volunteer days
• annual performance bonus