Location: North America HQ, Broomfield, CO US
Permanent / Contract: Regular
Job number: 1030527
This is an exciting and challenging opportunity for a dynamic IT Compliance professional who seeks to leverage their existing experience and technical skills to consult and direct Privacy compliance with the ultimate goal of protecting Staples’ associates and customers. Along with getting involved in various projects directly, the Privacy Analyst is the primary point of contact for Privacy Impact Assessments (PIAs). They manage the repository of assessments, conduct privacy assessments, communicate determinations, and produce relevant management reports. This position is an important member of the Information Security Privacy and Compliance (ISPC) team and will work closely with teams all across the enterprise providing Privacy consulting and guidance to ensure effective implementation and adherence to Staples Privacy policies and procedures.
- Ensure project teams are informed of their Privacy responsibilities.
- Guide project teams to ensure projects are delivered in compliance with internal and external Privacy policies, obligations, and regulations.
- Remain informed of new and upcoming legislations that may have an impact on Staples compliance posture.
- Manage the Privacy Impact Assessment (PIA) lifecycle from receipt to closure, including tracking and reporting. This includes significant project management skills to track multiple activities and ensure milestones are met in a timely manner.
- Act as the liaison between the project team and other entities that may need to provide input (e.g., Security, Legal, Risk, etc.).
- Maintain subject matter expertise with regard to applicable regulations pertaining specifically to Privacy (globally) and Data Breach Notifications.
- Participate in industry-related forums and training activities to stay current with Privacy compliance requirements as well as assessment and audit practices.
- Stay informed and aware of enterprise Privacy initiatives and how they may impact company compliance.
- Assist in the evaluation of issue/incident classifications and action plans. Work with the incident response team as well as the business lines to ensure appropriate issue closure and evidence artifacts.
- Provide regulatory risk advice pertaining to Privacy, as well as ongoing information about new and changing landscapes.
- Partner effectively with Staples HR, Legal, Internal Audit, Loss Prevention, and other business teams to ensure effective Privacy requirements are maintained. Ensure timely identification, mitigation, resolution, and reporting/escalation of existing, emerging, and upstream regulatory risks and issues.
- Continually keep up-to-date with changes in the IT and business landscape to evaluate their impacts on Staples’ privacy risks and controls and take a role in providing guidance and recommendations for necessary adjustments.
- Participate in Privacy and Security Awareness Programs as requested including, material preparation and event coordination/execution.
- Escalate compliance issues and updates to senior Security leadership.
- Partner with the Business to review policies, procedures, standards, controls, and tests that meet existing, new or changing regulatory requirements
- Communicate within the team to keep others aware of new trends and ownership and to collaborate on messages and direction.
- Consult with all aspects of Staples (i.e., Corporate, Business Units, SDS, and non-SDS) regarding Privacy impacts and how to remain compliant.
- Establish and cultivate strong working relationships throughout Staples to advance the culture and effectiveness of a synchronized approach to Privacy in respect to current, new, or emerging laws and regulation as well as internal corporate compliance policies and procedures.
- Partner with the Vendor Risk Assessment function to address the risk management of both the project and the vendor.
- Coordinate with other Staples functions to ensure all areas of potential risk are addressed by the appropriate decision makers (e.g., Legal, Security, etc.).
- Collaborate with the Training and Awareness function to continually educate and communicate the messages associated with Privacy compliance.
- Interact with Vendors and other Third Parties to understand and evaluate their services in relationship to the submitted project.
- This is an individual contributor role within the ISPC department.
- Knowledge of other compliance programs also preferred (e.g., PCI, HIPAA, etc.)
- Excellent verbal and written communication skills and the ability to communicate effectively with all levels of management (internal and external).
- Strong time management and project management skills to manage multiple activities over extended periods of time.
- Strong interpersonal skills and the ability to work laterally as well as hierarchically and engage others to achieve success.
- Strong process orientation and ability to develop as well as follow standard processes.
- Results oriented and attention to detail with a keen focus on success and achievement
- Provide oversight as it relates to process & compliance needs.
- Determine, develop and deploy actionable metrics by which success should be measured that focus on the highest risk areas within STAPLES, including:
- Percent of projects, geographies, and business entities completing Privacy Impact Assessments.
- Percent of projects audited against Privacy standards post-implementation.
- Days PIAs Outstanding
- Other measures pertaining to the lifecycle of a PIA and its correlation to the associated vendor assessment.
- Drive closure on integrations which provide process and technology improvements while ensuring effective compliance.
- Actively collaborate across the Staples Compliance team; share information and insight in order to improve reporting and establish a comprehensive view of regulatory risk.
- Work in a collaborative manner to offer support and assistance in compliance-related matters to ensure an open, adequate and effective Privacy culture.
- Establish and cultivate a strong working relationship with the respective teams to advance the culture and effectiveness of a synchronized approach to Privacy in respect of current, new or emerging applicable laws and regulations as well as internal corporate compliance policy and procedures.
Research & Analysis
- Research and analyze compliance trends and industry bench-marking to prepare for and monitor upstream risks and issues.
- In coordination with the rest of the team, identify relevant regulatory updates to report out to management committees and leadership teams.
- Bachelor’s Degree and 3+ years of experience
- 1+ years of Privacy/Compliance/Risk/Audit experience within a large multi-disciplined organization
- Experience working with Archer GRC software.
- Experience with technical and regulatory components related to Privacy;
- Strong written and oral communication skills, as well as collaboration, and technical compliance skills. Should be able to work effectively with others at all levels across the organization;
- Strong working knowledge of the compliance risks associated within an IT Technology and Retail environment as well as experience working in and/or building effective Privacy programs;
- Experience reading and interpreting regulations, laws, and statutes.
- Problem solving skills as well as flexibility and adaptability are of key importance.
- Successful candidate will demonstrate proactive work ethic along with the desire to effect change.
- Member of and certifications from International Association of Privacy Professionals (IAPP) is highly desirable
- Certified Information Privacy Professional (CIPP)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Strong research skills preferred
- Familiarity with Safe Harbor, Privacy Shield, GDPR, MA CMR1700, and OECD Privacy Principles.
Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.
View full post on National Cyber Security Ventures