- The Privacy Analyst collaborates with the Chief Privacy Officer to support the daily operation and ongoing maturity of the Sidley Global Privacy Program consistent with domestic, international and industry privacy standards. The Privacy Analyst is responsible for performing day-to-day privacy activities that support the strategy, design and execution of Sidley’s privacy activities and works with the Chief Privacy Officer to effectively integrate and maintain privacy controls in Sidley’s business operations.
- The Privacy Analyst plays a key role in ensuring that Sidley meets its legal and regulatory obligations across all lines of business, including but not limited to the General Data Protection Regulation and the Health Insurance Portability and Accountability Act.
Duties and Responsibilities:
- Contributes to the implementation of the privacy program and subsequent monitoring.
- Supports the development, maintenance and revision of policies and procedures for the general operation of the privacy program and related activities across Sidley business units.
- Reports, on a regular basis, on the progress of specific tasks related to the privacy program implementation.
- Periodically assists with revisions to the privacy program in light of changes in laws or regulations; develops or revises policies or procedures to reflect industry standards, as directed.
- Contributes to the privacy training and awareness program; develops and presents privacy trainings and tracks compliance with training requirements.
- Engages in third-party relationship management and helps to review third-party risk assessments to ensure proper privacy controls are implemented at organizations that Sidley engages.
- Assists in investigating and responding to reported privacy violations in collaboration with management, legal and human resources.
- Coordinates investigations and acts on matters related to privacy, including internal investigations (e.g., responding to reports of problems or suspected violations) and suggests corrective actions (e.g., making necessary improvements to policies and practices); maintains a repository of such investigations and their findings.
- Conducts risk assessments (including Privacy Impact Assessments) and analyzes privacy regulations to identify areas for improvement, as needed.
- Responds to requests from data subjects seeking to exercise access and/or amendment rights to their data.
- Maintains knowledge of applicable international, federal, state and local regulatory agency guidelines and laws.
- Stays current on privacy topics and seeks out appropriate training, as necessary.
To perform this job successfully, an individual must be able to perform the Duties and Responsibilities (Duties) above satisfactorily and meet the requirements below. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation,
- Bachelor’s degree in business administration, law, finance, accounting, computer science or a related field.
- A minimum of 3 years of experience in privacy, data protection, security, risk management or compliance.
- One or more IAPP certifications (CIPP/US, CIPP/E, CIPM, CIPT, etc.)
Other Skills and Abilities:
The following will also be required of the successful candidate:
- Strong organizational skills
- Strong attention to detail
- Good judgment
- Strong interpersonal communication skills
- Strong analytical and problem solving skills
- Able to work harmoniously and effectively with others
- Able to preserve confidentiality and exercise discretion
- Able to work under pressure
- Able to manage multiple projects with competing deadlines and priorities