Senior Privacy & Cybersecurity Governance Analyst (Hybrid - Seattle)

Nordstrom
Seattle, WA
$142,000 - $220,500
Hybrid

About The Position

Join Nordstrom's Technology team as a Senior Privacy & Cybersecurity Governance Analyst, where you'll play a pivotal role in leading strategic privacy and security governance initiatives across the enterprise. You will be a subject matter expert and trusted advisor to leadership, building comprehensive governance programs that protect customer data, reduce risk, and ensure our organization remains audit-ready across complex regulatory landscapes.

In this role, you will lead domain-specific privacy and cybersecurity governance activities, driving compliance efforts, contributing to policy development, and mentoring junior team members. You will have authority to implement process improvements within your specialized domain and make domain-specific recommendations to senior staff for enterprise-wide changes. You will coordinate across multiple stakeholders to ensure comprehensive privacy and security input while developing integrated frameworks that support business objectives.

This role involves serving as a primary contact and subject matter expert for domain-specific data privacy activities, identifying emerging privacy threats, evaluating and enhancing privacy-related risk assessment processes, implementing process improvements within specialized privacy domains, educating stakeholders on data privacy requirements, analyzing legal and regulatory developments, and participating in privacy incident investigations and remediation. You will also coordinate operational activities across multiple stakeholders to ensure comprehensive privacy and security input, identify and develop advanced risk management frameworks, lead the build-out and operationalization of the Third-Party Risk Management (TPRM) program, evaluate and enhance privacy and security risk assessment processes, develop integrated privacy and security metrics and reporting, and represent the privacy and security governance team in cross-functional forums.
Furthermore, you will maintain and mature the personal information (PI) inventory, support data classification efforts, contribute to data minimization and retention reviews, support the evaluation of data governance tooling, and mentor junior analysts by providing guidance and sharing expertise.

Requirements

  • 5-7 years of experience in privacy, information security, legal, or compliance roles
  • Demonstrated leadership in privacy or security program/project delivery with proven ability to drive initiatives to completion
  • Practical experience operationalizing privacy regulations and security frameworks in business environments
  • Experience coordinating across multiple stakeholders to achieve comprehensive privacy and security outcomes
  • Hands-on experience building or maturing a third-party risk management (TPRM) function, including vendor assessment, risk tiering, and ongoing monitoring
  • Bachelor's or Master's degree in Information Technology, Computer Science, Engineering, Information Security, or related field, or equivalent work experience
  • IAPP certifications preferred (CIPP/US, CIPM, CIPT, or similar)
  • Advanced security certification required (CISSP, CISM, CISA, or equivalent)
  • Deep understanding of privacy regulations including U.S. privacy laws (CCPA/CPRA and emerging state privacy laws) and their practical application
  • In-depth knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls, SOC 2, PCI DSS) and regulatory environments
  • Strong understanding of security controls, risk assessment methodologies, and compliance frameworks
  • Expertise in control design, implementation, and effectiveness assessment across multiple security domains
  • Demonstrated experience with project management tools (e.g., Jira, Confluence, Smartsheet, or similar) to manage initiative tracking, documentation, and cross-functional collaboration
  • Strong communication, leadership, and influence skills with ability to build relationships across all organizational levels
  • Effective communicator who can translate complex technical and regulatory requirements into actionable business guidance
  • Expert attention to detail, quality, and consistency in program delivery and documentation
  • Excellent technical writing and stakeholder communication abilities, including presentation skills
  • Proven ability to lead cross-functional initiatives and collaborate across enterprise teams to achieve shared objectives
  • Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, and encourage behavior to maximize business benefit

Nice To Haves

  • Multiple IAPP certifications (CIPP, CIPM, CIPT)
  • Multiple security certifications (CISSP, CISM, CISA)
  • Governance certifications such as CGEIT or CRISC valued
  • Experience with integrated privacy and security control implementations across multiple domains
  • Background in developing risk assessment methodologies and frameworks
  • Experience with GRC, privacy, and vendor management platforms (e.g., OneTrust, ServiceNow GRC, Onspring) to optimize program delivery
  • Knowledge of privacy automation and data governance technologies
  • Experience with security architecture governance and design principles
  • Background in third-party security risk assessment programs

Responsibilities

  • Serve as primary contact and subject matter expert for domain-specific data privacy activities or those within a specific privacy-related area of expertise (e.g., artificial intelligence, consumer credit, marketing)
  • Identify emerging privacy threats and trends and advise on strategic initiatives to enhance data protection across the organization
  • Evaluate and enhance privacy-related risk assessment processes, including identifying and anticipating changes in relevant industry and/or regulatory frameworks
  • Implement process improvements within your specialized privacy domain, developing standardized approaches and best practices for recurring data privacy assessment scenarios
  • Educate stakeholders on data privacy requirements and changes through training sessions, workshops, and consultation to improve organizational privacy awareness and readiness
  • Analyze legal and regulatory developments in privacy and assess their business impact, ensuring the organization stays ahead of evolving compliance requirements
  • Participate in investigations and remediation of privacy incidents or breaches, supporting incident response coordination and documentation
  • Coordinate operational activities across multiple stakeholders including Legal, IT, Security, and Marketing to ensure comprehensive privacy and security input and effective data governance strategies, including owning initiative scoping, workplans, and milestone tracking end-to-end
  • Identify and develop advanced risk management frameworks that integrate privacy and security considerations for holistic risk assessment and treatment
  • Lead the build-out and operationalization of the Third-Party Risk Management (TPRM) program, including vendor assessment frameworks, risk tiering, intake workflows, and ongoing monitoring
  • Evaluate and enhance privacy and security risk assessment processes, identifying and anticipating changes in relevant industry and regulatory frameworks
  • Implement process improvements within specialized domains, developing standardized approaches and best practices for recurring assessment scenarios
  • Develop integrated privacy and security metrics and reporting, creating dashboards and analytics that provide actionable insights to management and support strategic decision-making
  • Represent the privacy and security governance team in cross-functional governance forums, building relationships and serving as a trusted advisor across the enterprise
  • Maintain and mature the personal information (PI) inventory, ensuring data maps and records of processing activities (ROPAs) are accurate and sufficient to support DSR fulfillment and privacy compliance obligations
  • Support data classification efforts for personal and sensitive data in partnership with IT and data teams, ensuring privacy requirements are reflected in classification taxonomies and handling standards
  • Contribute to data minimization and retention reviews, advising on privacy obligations and regulatory requirements that should inform lifecycle decisions owned by data and legal teams
  • Support the evaluation of data governance tooling (e.g., Collibra, BigID, OneTrust Data Mapping) where it intersects with privacy use cases such as data discovery, PI identification, and automated inventory management
  • Mentor junior analysts by providing guidance on assessment techniques, regulatory interpretation, and organizational privacy and security practices
  • Share expertise and best practices to build organizational capability in privacy and cybersecurity governance
  • Support the development of team members through coaching on complex privacy and security scenarios

Benefits

  • Medical/Vision
  • Dental
  • Retirement
  • Paid Time Away
  • Life Insurance
  • Disability
  • Merchandise Discount
  • EAP Resources
  • 401k
  • Performance-based incentives/bonuses
  • Holidays

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc