Position: Data Privacy & Regulatory Compliance Analyst
Location: REMOTE any time zone
Term: 3 Months
Data Privacy & Regulatory Compliance Analyst
Reporting to the Manager, Data Privacy & Regulatory Compliance, this position is part of the company's Global Information Security organization. The Data Privacy & Regulatory Compliance Analyst is a vital role in supporting the Data Privacy program and regulatory initiatives. This position involves working with teams across the organization to understand and assess Data Privacy and access regulatory compliance requirements impacting Realogy.
This role will assist in the facilitation of the organizations compliance regulatory requirements, such as but not limited to General Data Protection Regulation (GDPR), New York Department of Financial Services (NYDFS), Payment Card Industry-Data Security Standards (PCI-DSS), Health Insurance Portability and Accountability (HIPAA), and state Consumer Privacy Acts. Moreover, this role will be required to support Data Privacy governance processes and necessary elements involved with the execution, control management, program management & provide independent assurance.
* Assist in the annual review of Compliance and Privacy programs include process and standards, policy and policy review, audit calendar and other annual requirements as needed.
* Conducts Privacy Impact Assessments of identified applications and/or business processes identified as in-scope for Data Privacy, the company's Information Security Standards and various Regulations, including but not limited to development and completion of action plans to address findings/observations.
* Participates in developing and implementing action plans to maintain compliance with internal and external regulatory bodies.
* Provide guidance during development of internal systems used by the business to ensure appropriate compensating controls are in-place for ongoing compliance.
* Assists in the monitoring and investigations of operational issues relating to compliance matters or items resulting from Data Privacy Impact Assessments.
* Utilizes tools to assess Data Privacy and Regulatory Compliance related matters as it pertains to Realogy and the organizations privacy and compliance requirements.
* Technical acumen to manage and enhance enterprise Data Privacy tools and solutions.
* Assists in the development and provides privacy training and communications to address a variety of privacy issues and programs.
* Assist with the identification of process improvements focusing on continuous improvement to move from manual to automated processes pertaining to security/data privacy controls.
* Provide appropriate reports and updates to GIS management on data privacy matters and assist with the creation/ further development of appropriate tracking metrics.
* Additional responsibilities as required.
* Bachelor's degree in a business-oriented or related discipline, or equivalent experience
* Working knowledge of common IS security regulations and standards, such as ISO/IEC 27001 and 27002, FISMA, the NIST Cybersecurity Framework and NIST Special Security Publications and AICPA SOC2 required.
* Working knowledge of data privacy regulations such as CCPA/CPRA, GDPR, PCI, NY DFS and others
* Three or more years of experience conducting security control assessments or IT audits
* Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), and other applicable certifications a plus.
* Experience in the areas of risk analysis and data privacy compliance, vendor risk assessments, information and application security/controls management, IT security standards and best practices, and privacy and security legislation preferred
* Strong analytical and problem-solving skills, strategic, innovative and creative thinking with ability to assist in developing best practices.
* Strong technical ability and previous server and networking experience preferred.
* Strong networking and relationship management skills are required. This role is forward-facing to many in the organization and at many levels.
* Project Management experience preferred
* Strong verbal and written communication skills with the ability to communicate cybersecurity and data privacy related concepts to a broad range of technical and non-technical (business) internal customers
* Must demonstrate proficiency in the areas of HIPAA, NYDFS, Sarbanes-Oxley, and PCI-DSS controls and other data privacy regulatory standards. International and domestic a plus.
* Ability to work independently and collaboratively, in a team setting.
* A high level of initiative