Senior Data Privacy & Governance Analyst

Alliant Insurance is hiring a Senior Data Privacy & Governance Analyst!

SUMMARY: Responsible for working with leadership to develop, implement, and administer Alliant's global data privacy and governance strategies and compliance program while enabling the use of data to foster innovation, growth, achievement of Alliant's strategic goals, and the ability to do business anywhere and anytime. Establish goals, create policies and implement procedures (including enforcement measures), and enterprise-wide staff education at all levels. Collaborate with Alliant's internal and external legal teams and consultants to ensure that practices are in accordance with all applicable laws. Join Alliant's Data Privacy and Security Governance Committee, including its annual committee summit and desk-top drills, and company-wide annual data privacy and security awareness week. Works on oversight and compliance of all data privacy frameworks with regard to applicable laws and regulations such as GDPR, HIPAA, CCPA, or any other similar statutory scheme.

This is a remote role with traveling up to 3 times a year.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Handles Incident response and investigations to meet all regulatory requirements and reduce risk to Alliant and its partners.
• Works with Alliant's leadership and business stakeholders, including Marketing, Legal, Risk Management, and divisional operations groups to support Alliant's commitment to ensuring the privacy of its customers and employees.
• Partners with Alliant's IT department executive leadership to ensure data protection measures meet regulatory requirements.
• Creates internal compliance controls and monitors adherence to them.
• Delivers guidance to ensure internal data collections are consistent with Alliant's data privacy policies as well as applicable laws.
• Performs regular compliance audits, identifies data use, storage, and/or transmission issues and risks, recommends solutions, and manages investigations of data security incidents or events, including any remediation.
• Works on Privacy and Security services and functions, such as Incident Response, Enterprise Training, Data Privacy Impact Assessments, and Data Subject Access Requests.
• Helps to deliver enterprise-wide training on relevant data privacy regulations and Alliant's policies and procedures, including administration of Alliant's annual Data Privacy & Security Awareness Week.
• Attends and helps plan Alliant's annual data privacy and security summit, to include a desk-top drill to test Alliant's data security incident responses for a variety of situations, training on new or changed requirements, and reviews of relevant data privacy and security policies/processes.
• Works with Alliant's Vendor Management team to identify and develop streamlined processes to assess risk for the use of any vendor or outsourced service under Alliant's Vendor Management Policy.
• Participates in meetings with managers to ensure privacy by design at all levels.
• Serves as Alliant's DPO, HIPAA Privacy Officer, or other similar statutorily-required position, and communicate with country, federal, and state regulators/supervisor authorities, as needed.
• Serves as primary point of contact for any internal or external requests pertaining to data privacy.
• Works with Alliant's IT team to develop a streamlined process to respond to data privacy and security questions from clients, prospective clients, and other organizations requesting this information.
• Acts as subject matter expert for all data privacy related tools and applications.

QUALIFICATIONS

• EDUCATION / EXPERIENCE: Bachelor's Degree in computer science, law, information technology, business administration or related field, or equivalent combination of education and experience
• Five (5) or more years of progressive work experience leading a data privacy and governance function within a large organization

SKILLS

• Knowledge of current domestic and international data protection and privacy legislation such as CAN-SPAM, CCPA, HIPAA, GDPR, PIPEDA, etc.
• Excellent verbal and written communication skills, including ability to message the importance of data privacy as a business differentiator and core value, in addition to a legal requirement
• Excellent problem solving, analytical, research, time management skills, and adapt to changing legal landscape or business needs
• Strong interpersonal skills to maintain good working relationships
• Understanding of the role that privacy has in supporting commercial and marketing activities in a larger enterprise
• Ability to build relationships across large and complex organizations
• Ability to develop and adjust policies and procedures based on risks, regulatory requirements, and business needs
• Ability to create high quality presentations and communicate complex subjects to all levels of the organization
• Ability to remain impartial and report all issues of non-compliance
• Proficient in Microsoft Office Products