Information Security & Privacy Compliance Analyst to support our expanding Information Security and Data Privacy deliverables. This role ensures compliance with regulatory requirements, manages risk assessments, and drives audit readiness across security and privacy domains. The position will work closely with internal stakeholders and external vendors to maintain a strong governance posture.
Information Security
- Review and respond to third-party security questionnaires (TISQ).
- Manage quarantined email releases and access requests (Cloud Storage, SFTP, RMD, etc.).
- Track and report cybersecurity training and awareness completion.
- Support security audits and prepare management reports.
- Facilitate implementation of security solutions within the business unit.
- Perform Cybersecurity Risk and Control Self-Assessments (RCSA) and scenario analysis.
- Manage technology and cybersecurity incidents and remediation activities
Data Privacy
- Ensure compliance with local privacy laws and Group Privacy policies.
- Manage privacy incidents, including breach response and regulatory notifications (NPC, Group, Data Subjects).
- Conduct Privacy RCSA and scenario analysis.
- Review and approve Privacy Impact Assessments (PIA) and Sensitive Information Transfers (SIT) in OneTrust and ServiceNow.
- Define/review DLP rules and whitelists.
- Support privacy audits and regulatory assessments.
- Coordinate with Group Privacy Team and participate in privacy roundtables.
- Oversee vendor data protection reviews and annual compliance checks.
Minimum Qualifications
Education Bachelor's degree in Information Technology, Computer Science, or related field
- Knowledge (Certification - Technical, Product, Industry, etc.)- Strong understanding of ISO 27001, NIST, GDPR, and local privacy regulations.
- Experience in risk assessments, audits, and compliance reporting.
- Excellent communication and stakeholder management skills.
- Ability to manage multiple priorities under regulatory deadlines.
- Nice to have: Experience in one or more of the following areas:
- Agile Strategy, Agile Transformation, Agile Operating Model, or
- Lean Software Development Lifecycle.
Years of Relevant Work Experience (State if management experience is required)
- 3- 5 years in Information Security, Data Privacy, or GRC roles.
