IT Data Privacy, Risk, and Compliance Analyst

LaSalle Network is currently partnering with a client that is seeking an

IT Data privacy, Risk and Compliance Analyst. This is a hands-on position that involves working directly with IT and Business users. The individual in this position will take on a wide range of responsibilities in data privacy, vendor due diligence, security educational awareness, business continuity and IT risk management. This is a 6-month contract (possibilities for extension).

IT Data privacy, Risk and Compliance Analyst Responsibilities:Data Privacy:

• Responsible for designing, implementing, and maintaining IT privacy policies and procedures
• Monitor and identify for gaps with existing Company procedures and privacy-based requirements
• Monitor for the continuous adherence to the Company's Privacy Program's requirements
• Maintain the Company's personal data inventory
• Analyze and assess privacy considerations and risks for new and existing technology.
• Monitor and coordinate rights requests
• Ensure all externally facing web sites meet Compliance requirements as it relates to tracking personal data
• Coordinate third-party assessments of the Company's Privacy program
• Work with vendors to implement, validate and comply with privacy provisions as required by data protection laws and the Company's applicable policies and procedures, including those described in the Code of Ethics and Regulatory Compliance Manual, any privacy notices and/or any other IT-related policies and procedures

Vendor Due Diligence:

• Maintain the Company's Vendor Due Diligence policy
• Lead the Company's efforts with initial and ongoing vendor due diligence
• Coordinate the classification and tiering of vendors
• Coordinate updates associated with the Company's vendor management list tracking system
• Work with the CTO and Compliance to identify and select vendors for annual due diligence reviews
• Maintain the Company's Vendor Management system
• Evaluate and select questions appropriate for vendor due diligence reviews
• Review due diligence related questionnaires and perform vendor assessments\
• Document and review all vendor security breaches and report findings and analysis
• Responsible for making sure the Company complies with the Privacy Checklist for third-party agreements
• Ensure vendor incident response plans address contractual breach notification requirements

Security Training and Educational Awareness:

• Manages and leads cybersecurity awareness training
• Design, plan and execute ongoing phishing simulations
• Coordinate information security simulations of the Company's security incident response plan within IT
• Business Continuity and Disaster Recovery (BC/DR)
• Coordinate with Compliance and IT to ensure BC/DR requirements are met
• Coordinate updates to business-based BC/DR plans. (small piece of the role; 1-2 times per year)
• Assist with the planning and coordination of tabletop exercises
• Partner with the business to define and update internal recovery point and recovery time objectives
• Partner with third party technology providers to ensure recovery points and objectives are met

IT Risk Management:

• Facilitate quarterly access reviews for applications with sensitive data
• Ensure completion of periodic IT operational responsibilities
• Perform ongoing internal IT testing of technology controls
• Ensure IT complies with various requirements defined in the Company's Information Security Policy
• Partner with IT team members to capture and document cybersecurity related risks
• Perform gap assessments between existing capabilities and desired capabilities based on Compliance or other required standards
• Coordinate reporting on security incidents related to users, computers, servers, and vendors

IT Data privacy, Risk and Compliance Analyst Requirements: The ideal experience and critical competencies for the role include the following:

• At least 3 to 5 years' experience in IT risk and IT compliance related roles
• Effective at managing multiple projects and shifting priorities to meet business needs
• Experience gathering and interpreting risks and associated impacts
• Understanding of various risk and security certifications and attestations
• Familiarity with vendor management and governance concepts
• Experience with compliance and security auditing
• An appreciation and dedication to details
• Self-driven and able to thrive in a fast-paced environment
• Excellent verbal and written communication skills
• Financial services, or other regulated industry experience helpful

If you have the experience listed above, possess a great attitude and are looking for a long-term opportunity with a stable and established employer, this is the role for you! If you are interested in learning more, please apply today! Thank you,Branden Luna Technology Services LaSalle Network

Keywords and Related Terms: data privacy, Risk, Compliance, governance, infosec, security LaSalle Network is an Equal Opportunity Employer m/f/d/v.LaSalle Network is the leading provider of professional staffing and recruiting services. LaSalle has worked with more than 10,000 companies, ranging from Fortune 500s to start ups. With units specializing in accounting and finance, administrative, marketing, executive search, technology, supply chain, healthcare revenue cycle, call center, and human resources, LaSalle serves companies of all sizes and across all industries.