Governance Risk and Compliance Analyst Iii

JOB REQUISITION

Governance Risk and Compliance Analyst III

LOCATION

SAN RAMON

As a Governance Risk & Compliance Analyst III, your specific responsibilities include:

- Work closely with our domestic and international business stakeholders, business and IT management, internal audit and legal counsel to understand business requirements related to security, privacy and regulatory compliance, and to map those requirements to current security, privacy and project requirements with intermediate to complex level needs.
- Ensure the continued adoption, maturity and growth of the following functional areas by adequate planning and sustained execution of required activities:

- Compliance
- Data Privacy (Knowledge of global Privacy laws, and execution of PIAS, TIAs, Data mapping, data flows, etc.)
- Data Lifecycle Management,
- Vendor Management
- Privacy & Security Awareness
- Work with other corporate compliance personnel and the representatives from IT, Enterprise Information Security (EIS), and Global Privacy teams to identify Policies that impact privacy and require intermediate to complex level creation/updates and also process exceptions requested for existing policies. Support Policy awareness and monitoring activities for sustaining adequate privacy compliance.
Act as the liaison between the Global Data Privacy team and EIS, ITSS, Protiviti CIO, CTO, and the RH business partners for any privacy related compliance matters and ensure timely resolution of intermediate to complex issues and initiatives
- Provide guidance to functional teams with the implementation, monitoring, and reporting of privacy control processes, documentation, and compliance measures.
- Execute monthly validations of the Data Mapping, Data Flow Diagrams created for Data Privacy requirements.
- Advance relationships with developers and engineers; leverage influencing skills to help accelerate the continuous integration of privacy design and best practices into our software development lifecycle (SDLC) across all business verticals.
- Promote and manage the communication of best practices for enhanced collaboration amongst privacy ambassadors.
- Identify opportunities for privacy posture improvement and closely partner with EIS organization; provide advice on a broad range of privacy strategies.
- Drive and maintain the efficiency of the program as well as track results; drive the efforts for continued program innovation (e.g. privacy champion initiatives, privacy controls testing, etc.).
- Actively represent and show presence in the organization as a thought leader and program driver for privacy & security awareness and oversight through frequent informative news bytes, providing useful and meaningful metrics on privacy effectiveness/exposures.
- Define and implement an ongoing RHI Risk Management program, which will include facilitating risk decisions from stakeholders, tracking risk remediation efforts, developing risk management metrics, conducting third party privacy assessments and responding to privacy customer RFI questionnaires.
- Evaluate business-related controls for integrating business and information system security and risk mitigation efforts. Develop and implement tools to support automated risk management and compliance efforts.
- Provide information, answers to privacy inquiries

Qualifications:

- Bachelor's Degree (B.A.) or equivalent combination of education and experience in Information Risk Management, Engineering, Management Information Systems or related curriculum
Basic understanding of systems development life cycle methodologies required
- Strong working knowledge of GRC methodologies, risk analytic tools and development of privacy risk metrics required.
- Working knowledge of reviewing and responding to privacy compliance questions in RFIs required.
- Working knowledge of privacy by design, audit, and control methods
- Strong capabilities in gap analysis, review and validation of relevant security, privacy and regulatory requirements.
- Excellent communication, teamwork and client service skills.
- Demonstrated integrity within a professional environment
- Strong working experience interacting with external auditors, management, and internal resources to discuss and address security concerns
- Self learner and ability to work in an agile and cross functional environment.
- Excellent presentation and skills
- Project management skills.
- Results-oriented person who can achieve tangible improvements in the corporate privacy arena.
- Strong multi-tasking and analytical/troubleshooting skills
- Aptitude to prioritize and load balance sensitive projects concurrently
- Strong organizational, time management, decision making, and problem solving skills
Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Interacts with senior internal and external personnel.
- Normally receives