Summary: The GRC Privacy Senior Analyst role involves managing enterprise privacy, compliance, and risk management initiatives, focusing on Privacy Impact Assessments, Records of Processing, and Data Subject Requests. The position requires a strong understanding of global privacy regulations and experience with risk assessments. The analyst will collaborate with various stakeholders to ensure compliance and support audits related to data protection. This role is essential for embedding privacy principles within the organization.
Salary (Rate): £60,000 yearly
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other
Role: GRC Privacy Senior Analyst
Job Summary
We are seeking a highly skilled Data Privacy & Governance Specialist to support enterprise privacy, compliance, and risk management initiatives. This role will be responsible for managing Privacy Impact Assessments (PIAs), Records of Processing (RoPs), Cookie governance and categorization, and supporting Data Subject Requests (DSRs) in compliance with global privacy regulations. Experience with risk assessments and familiarity with PCI, CMMC, and/or SWIFT audits is strongly preferred.
Key Responsibilities
· Conduct and maintain Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new and existing systems, products, and services.
· Develop, maintain, and govern Records of Processing (RoPs) in alignment with GDPR and other global data protection regulations.
· Implement and manage cookie governance and cookie categorization, ensuring compliance with consent management and regulatory requirements.
· Coordinate, track, and fulfill Data Subject Requests (DSRs) including access, deletion, rectification, and portability requests within regulatory timelines.
· Perform and support privacy, security, and compliance risk assessments, including gap analyses and remediation planning.
· Collaborate with Legal, Security, IT, Compliance, and business stakeholders to embed privacy-by-design and privacy-by-default principles.
· Support internal and external audits, demonstrating awareness or hands-on experience with PCI DSS, CMMC, and/or SWIFT audit requirements.
· Maintain privacy documentation, policies, procedures, and governance frameworks.
· Monitor regulatory changes and assess their impact on organizational privacy and data handling practices.
Required Qualifications
· Bachelor’s degree in Information Security, Law, Compliance, Information Systems, or a related field—or equivalent experience.
· Hands-on experience with PIAs, RoPs, and DSRs in an enterprise environment.
· Strong understanding of global privacy regulations (e.g., GDPR, CCPA/CPRA).
· Experience or working knowledge of cookie management platforms and cookie categorization frameworks.
· Demonstrated experience performing risk assessments related to data protection, privacy, or information security.
· Ability to translate regulatory requirements into practical, operational controls.
Preferred / Nice-to-Have Skills
· Experience supporting or participating in PCI DSS, CMMC, or SWIFT audits.
· Familiarity with GRC tools (e.g., OneTrust, ServiceNow GRC, Archer, TrustArc).
· Relevant certifications such as CIPP/E, CIPP/US, CIPM, CISSP, or CRISC.
· Strong documentation, communication, and stakeholder management skills.