Privacy Analyst

About The Position

Requirements

• Four (4) years of experience in data privacy, compliance, or a related field.
• Strong understanding of fair information practices as well as data privacy laws and regulations (e.g., HIPAA, PIPEDA, CCPA, GDPR).
• Familiarity with data governance frameworks and privacy-enhancing technologies, including data anonymization and pseudonymization techniques.
• Experience contributing to privacy impact assessments, identifying potential privacy risks, and making recommendations to minimize privacy risks.
• Familiarity with using privacy compliance management platforms (e.g., OneTrust, Smartsheet).
• Strong communication and presentation skills, including the ability to convey complex legal and technical concepts to diverse stakeholder groups across Hub.
• Attention to detail and a methodical approach to work.
• Ability to work independently and as part of a team.
• A commitment to ethical data practices and data privacy principles.

Nice To Haves

• Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or Certified Information Systems Security Professional (CISSP) certifications are preferred.
• Experience in the insurance and financial sectors is welcome.

Responsibilities

• Privacy Impact Assessments: Conduct and assist in reviewing Privacy Impact Assessments (PIAs) to identify and mitigate potential privacy risks associated with projects, data systems, and activities that involve the processing of personal information across the business. Provide recommendations to minimize risks and promote a privacy-by-design culture among stakeholders.
• Policy Development and Compliance: Support the development, implementation, and regular review of Hub’s privacy policies and procedures to ensure alignment with applicable data privacy laws (e.g., HIPAA, GLBA, PIPEDA state-level consumer privacy laws, and GDPR) Stay informed about changes in privacy regulations and identify areas in Hub’s policies and procedures that must be updated for Hub to remain in legal compliance Collaborate with stakeholders conducting compliance audits of privacy program activities
• Reporting and Metrics: Collect and analyze privacy program metrics to identify trends, measure effectiveness, and support Hub’s continuous efforts to improve the privacy program. Prepare and present to stakeholders, on a regular basis, reports on Hub’s privacy-related work to comply with regulatory requirements.
• Records of Processing Activities: Support data inventory and data mapping activities to ensure that Hub documents the types of personal information collected, processing purposes, storage locations, recipients, and retention periods.
• Data Subject Access Rights (DSAR) Requests: Counsel stakeholders on how to handle privacy inquiries, complaints, and opt-out requests from consumers. Support efforts to automate and improve Hub’s DSAR operations.
• Training and Awareness: Assist in developing and delivering privacy training and awareness programs to help employees understand (a) their roles in protecting personal information, (b) best practices when handing personal information, and (c) data breach response procedures.
• Vendor and Third-Party Management: Collaborate with Hub’s risk management stakeholders in their due diligence investigations into whether to privacy-related policies and procedures of service providers and third parties align with Hub’s privacy standards.
• Collaboration and Counseling: Work closely with legal, IT, security, marketing, and other departments and business lines to ensure data protection measures are (a) aligned with Hub’s privacy program guidelines and (b) effectively integrated into business processes and technology platforms. Provide advice on privacy best practice, including areas where consumer rights and privacy practices intersect.
• Manage Privacy Impacts of Security Incidents: Collaborate with incident response stakeholders and investigation of incidents involving personal information; create records outlining Hub’s compliance with data breach notification and other privacy-related obligations for analysis by counsel (e.g. interviewing individuals involved in an incident to determine what data was impacted).
• Administrative Tasks: Perform other administrative tasks as needed to support Hub’s privacy program.

Benefits

• health/dental/vision/life/disability insurance
• FSA, HSA and 401(k) accounts
• paid-time-off benefits such as vacation, sick, and personal days
• eligible bonuses, equity and commissions for some positions