GRC Privacy Senior Analyst

Role: GRC Privacy Senior Analyst


Job Summary

We are seeking a highly skilled Data Privacy & Governance Specialist to support enterprise privacy, compliance, and risk management initiatives. This role will be responsible for managing Privacy Impact Assessments (PIAs), Records of Processing (RoPs), Cookie governance and categorization, and supporting Data Subject Requests (DSRs) in compliance with global privacy regulations. Experience with risk assessments and familiarity with PCI, CMMC, and/or SWIFT audits is strongly preferred.


Key Responsibilities

· Conduct and maintain Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new and existing systems, products, and services.
· Develop, maintain, and govern Records of Processing (RoPs) in alignment with GDPR and other global data protection regulations.
· Implement and manage cookie governance and cookie categorization, ensuring compliance with consent management and regulatory requirements.
· Coordinate, track, and fulfill Data Subject Requests (DSRs) including access, deletion, rectification, and portability requests within regulatory timelines.
· Perform and support privacy, security, and compliance risk assessments, including gap analyses and remediation planning.
· Collaborate with Legal, Security, IT, Compliance, and business stakeholders to embed privacy-by-design and privacy-by-default principles.
· Support internal and external audits, demonstrating awareness or hands-on experience with PCI DSS, CMMC, and/or SWIFT audit requirements.
· Maintain privacy documentation, policies, procedures, and governance frameworks.
· Monitor regulatory changes and assess their impact on organizational privacy and data handling practices.


Required Qualifications

· Bachelor’s degree in Information Security, Law, Compliance, Information Systems, or a related field—or equivalent experience.
· Hands-on experience with PIAs, RoPs, and DSRs in an enterprise environment.
· Strong understanding of global privacy regulations (e.g., GDPR, CCPA/CPRA).
· Experience or working knowledge of cookie management platforms and cookie categorization frameworks.
· Demonstrated experience performing risk assessments related to data protection, privacy, or information security.
· Ability to translate regulatory requirements into practical, operational controls.


Preferred / Nice-to-Have Skills

· Experience supporting or participating in PCI DSS, CMMC, or SWIFT audits.
· Familiarity with GRC tools (e.g., OneTrust, ServiceNow GRC, Archer, TrustArc).
· Relevant certifications such as CIPP/E, CIPP/US, CIPM, CISSP, or CRISC.
· Strong documentation, communication, and stakeholder management skills.