JOIN
OUR
TEAM

Allendevaux & Company is seeking a hardworking and motivated individual to join the data protection team. As a data protection analyst, the role is an exciting opportunity to build policies, practice and procedures to support the data protection programmes of several multinational companies. You will be an integral player in helping customers prepare for and undergo audit, maintain ISMS programmes, assist with data subject requests, provide updates regarding legislative and regulatory changes, perform risk assessments and more.

 

The role will report directly to a senior partner at the firm. Due to the pandemic, this is a teleworking role supported by daily meeting participation over videoconference. Normally travel is customary to support onsite audit, but nearly all travel has been suspended as of this writing.

 

Personal Characteristics and Skills

 

• Adaptable, welcomes change, comfortable as a self-starter.

• Comfortable with ambiguities that need problem-solving.

• Effectively educates, evangelizes, and promotes data protection best practices.

• Firmly understands impact of global data protection requirements.

• Comfortable with HR and marketing data protection practices.

• Drives programmatic goals while building close relationships with business partners.

• Organized, responsive, and persistent with good follow-through; customer service oriented.

• Demonstrates initiative, passion, and resourcefulness.

• Maintains a strong work ethic and a high degree of accountability.

• Effectively balances competing priorities in a rapidly growing, fast-paced environment.

• Passionate about data protection and building a culture of data protection.

• Maintains a sense of humor.

 

Responsibilities

​

• As a Privacy Analyst on the data protection team, you will:

• Analyze and evaluate compliance with relevant data protection regulations, standards, and frameworks (e.g ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018) to help ensure customers continue to embrace best-in-class practices.

• Assist with breach processes and facilitate breach notifications.

• Develop, maintain, and evolve privacy programs to manage privacy inquiries and requests for access to personal information internally and externally.

• Review marketing and HR data collection practices and help embed in them Privacy by Design principles.

• Maintain GDPR Article 30 Records of Processing.

• Assist with the administration of data processing agreements (DPA), standard contractual clauses (SCCs) and BCR process for the transfer of personal data.

• Participate in ISO/IEC 27001 audit prep, internal audit and external third-party audit.

• Conduct supplier vetting activities.

• Maintain asset registers.

• Facilitate management security review meetings.

• Monitor and maintain effective measures of controls.

• Interface with the cybersecurity team in their role of conducting vulnerability scanning and penetration testing.

• Assist with security and compliance questionnaires.

• Help monitor data collection practices, investigate and document how data is shared within an organisation’s ecosystem, and maintain data protection policies.

• Conduct data protection impact assessments (DPIAs) for new and existing processes, services, and applications.

• Assist with overseeing and appropriately responding to internal/external audits of data protection processes and procedures.

• Intake, triage, and analyze reported data protection incidents to ensure appropriate escalation to the team for rapid response and remediation.

• Support the integration of acquired companies and technologies through data protection due diligence.

• Advise on complex data protection best practices through consistent analysis, feedback, and follow-through with internal business partners.

• Support the development of data protection infrastructure and process automation across the enterprise.

• Develop data protection awareness campaigns and training programs.

• Represent the team in day-to-day activities across business, legal, and technology business partners.

​

Minimum Qualifications

​

• Bachelor’s degree; Advanced degree is desirable.

• 5-8 years professional experience in a role involving privacy compliance.

• Must have privacy or security certifications (e.g. CISSP, CIPP, CIPT, or CIPM).

• Deep knowledge of global data protection laws, standards, and associated frameworks (e.g. GDPR, CCPA, HIPAA, and others).

• Strong track record of working collaboratively with cross-functional business partners.

• History of managing privacy programs relating to web, advertising, and analytics technologies and practices (e.g. cookies and other tracking technologies).

• Expresses complex ideas in easily understandable ways.

• Strong technical understanding of data ecosystems and the technology that powers them.

• Demonstrated ability to analyze sophisticated privacy and security concepts and apply them to real-world situations.

• Comfort influencing business leaders in the promotion of consistent practices and policy.

• Experience working with legal, marketing, HR, IT, product, and security teams.

 

Preferred Qualifications

​

• Legal academic and professional background.

• Sophisticated skills with Microsoft Office and G-Suite.

• Familiarity with privacy program management tools (e.g. OneTrust or Nymity).

• Knowledge of data related initiatives such as ingestion, report and dashboard creation, and web analytics.

• Strong command and certification in ISO/IEC 27001.

• Strong competence in ISO/IEC 27005, ISO/IEC 27032, ISO/IEC 27004

 

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or any other applicable legally protected characteristics in the location in which you are applying.