Privacy Analyst

Stony Brook University, Stony Brook, NY

About The Position

The Privacy Analyst supports the Chief Privacy Officer in maintaining and enhancing the University’s privacy program. This role focuses on assessing policies, procedures, and operational practices to ensure compliance with federal, state, and international privacy regulations. The Privacy Analyst plays a significant role in safeguarding the privacy and security of sensitive information by conducting ongoing privacy risk assessments, implementing improvements, and assisting in training stakeholders to safeguard sensitive information across academic, research, clinical, and administrative functions. The successful candidate will demonstrate strong analytical, organizational, and problem-solving skills as well as excellent written and verbal communication skills. The incumbent will explain privacy concepts to diverse audiences and collaborate effectively across multiple departments and with senior leadership.

Requirements

  • Bachelor’s degree (foreign equivalent or higher) in Information Systems, Compliance, Legal Studies, Public Policy, Risk Management, or a related field.
  • Three (3) years of full-time experience in privacy, compliance, or related field.
  • Knowledge of and experience working with privacy regulations and standards (e.g. FERPA, PIPL, HIPAA, GDPR, CCPA, GLBA).
  • Experience providing education and training to constituents, including content development and delivery of public speaking presentations.
  • Must have, keep and maintain the appropriate valid NYS Driver’s License; have a motor vehicle record which is free from major violations or a pattern of repeat violations. (Out-of-State Applicants, see “Special Notes”).

Nice To Haves

  • Master’s degree (foreign equivalent or higher) or an Advanced Certification in a relevant field.
  • Professional certifications such as CIPP/US, CIPP/E, CIPM, or equivalent.
  • Experience in higher education, healthcare, or research-intensive organizations.
  • Familiarity with information security frameworks (e.g. NIST, ISO).

Responsibilities

  • Work with the CPO, the Director of Risk Management and Policy Compliance and all policy owners across the enterprise to assess institutional policies, procedures, and operations to ensure compliance with applicable privacy laws, regulations, and best practices.
  • Support the development, implementation, and continuous improvement of privacy policies, guidelines, and procedures, while providing feedback and recommendations.
  • Monitor changes in privacy regulations and advise the CPO on implications and required actions.
  • Respond to general privacy inquiries from employees, students, and third parties; provide accurate information and sound guidance as appropriate.
  • Maintain current knowledge of applicable federal, state, and international privacy and other compliance-related laws and accreditation standards.
  • Conduct risk assessments to identify potential privacy vulnerabilities.
  • Participate in privacy audits, compliance reviews, and mitigation strategies which may include privacy impact assessments (PIAs) for new systems, technologies, and business processes.
  • Prepare reports and metrics to inform the CPO and leadership on privacy risks and trends. Assist with the development and management of privacy program metrics, reports, and dashboards, and provide recommendations for program enhancement.
  • Work with the Data Governance Council on projects and initiatives involving areas such as data ownership and transfer, data inventory and mapping, and data classification, to ensure alignment with privacy policy and regulations.
  • Coordinate initial and periodic privacy risk assessments and conduct related ongoing compliance monitoring activities in coordination with the university's other compliance and operational assessment functions.
  • Support the development and delivery of training programs through various methods and modalities for faculty, staff, and others on privacy policies and best practices.
  • Promote a culture of privacy awareness across the University.
  • Work collaboratively with the Division of Information Technology, Office of General Counsel, Procurement, OVPR, and other stakeholders on areas with significant privacy components.
  • Responsible for drafting content and presentation collateral for the University’s privacy website.
  • Assist in investigating and documenting privacy incidents and privacy incident response processes, including review of reported incidents, remediation, process recommendations, and reporting of potential data events and incidents.
  • Provide guidance on privacy considerations for new systems, technologies, and data-sharing agreements.
  • Collaborate with stakeholders to address privacy issues proactively.
  • Other duties or projects as assigned as appropriate to rank and departmental mission.