We are looking for a Senior IT Auditor contractor who will assess and lead the organization in understanding the current risk exposure and identify actions that would be required to remain compliant with programs such as CCPA, CPRA, GDPR, PIPEDA, PCI-DSS, and SOX.
This position can be a remote opportunity with occasional travel to the headquarters as needed.
Ideal candidates will have experience with interviewing different system owners, creating standardized data mapping and data flows, reporting findings, and recommending process improvements. This is a critical initiative for the entire company and we are looking for someone who takes initiative, builds processes, successfully engages with business stakeholders, and can get up to speed quickly!
- Develop and implement personal data governance enterprise-wide to ensure that the personal data lifecycle is identified, data flows are visualized, and data mapping inventory is maintained.
- Engage with business stakeholders to ensure controls are in place to mitigate privacy risks
- Create privacy and compliance frameworks that include personal information asset inventory management, data subject rights process, training and awareness, and incident response
- Collaborate with Business Directors, System Owners, Managers, and Stakeholders to define expectations including needed security requirements
- Provide accurate and thorough estimates of time and resources necessary to complete security efforts
- Take part in the full software development lifecycle (SDLC): design, development, testing, deployment, and maintenance
- Engage with and provide recommendations to experts in cross-functional disciplines in all phases of the SDLC
- Coach and mentor junior analysts
- 5+ years of experience as a privacy analyst overseeing programs like CCPA, PCI-DSS, and SOX
- 5+ years of experience in data privacy working with teams in a dynamic environment to promote/implement data requirements throughout the organization
- Strong understanding of retail domain
- Experience working in cloud environments and understanding of cloud infrastructure (Google Cloud or Amazon)
- Experience with privacy technologies
- Experience working with on-site and off-site development teams, coordinating work, expectations, and delivery
- Four-year degree in Computer Science or an equivalent combination of course work and job experience
- Extensive knowledge of privacy and compliance requirements (CCPA, CPRA, GDPR, PIPEDA, PCI-DSS, SOX) and new laws/privacy trends, risk assessment and mitigation practices, auditing procedures, and incident response resolution
- Proficient in data analysis, documentation, reporting and project management
- Strong understanding of data elements, data sources, data storage/inventory, data flows/lineage, and data processes
- Experience in data strategy definition, data governance, data privacy, query languages/coding and workflows
- Ability to translate compliance, privacy, and audit technical issues into actionable guidance to inform senior technology leadership
Critical Skills & Attributes:
- Possesses and demonstrates curiosity
- Ability to proactively identify opportunities for process and efficiency improvements
- Demonstrates excellent communication skills to both technical and non-technical personnel
- Possesses the art of negotiation to drive to end state needs
- Ability to clearly articulate and drive alignment across multiple teams and departments
- Ability to create and describe project estimations with assumptions and risks
- Ability to work in a fast-paced environment while managing multiple responsibilities
- Executes with limited to no supervision; self-motivated and self-directed