Privacy Analyst

Privacy Analyst

Chicago, IL (loop)

The Privacy Analyst focuses on the day-to‑day tasks to help build the program. They will be responsible for risk assessments and client privacy impact assessments to be done in coordination with the IT security team. They will consult some of our internal attorneys as a resource who are SME on HIPAA and privacy and be a part of the thinking and decision‑making processes.

Writing or editing policies and ensuring everything is updated.

Internally and externally with vendors, and potentially clients over time.

Supporting investigations and working with PR on communications.

Building rights (access, edit, and deleting) and responding to requests.

• 3+ years of experience in a privacy focused role, ideally as a Privacy Analyst, but any data protection, GRC or other security/compliance role that manages privacy also works.

• IAPP certifications (CIPP/US, CIPP/E, CIPM, CIPT, etc.).

• HIPAA experience.

• GDPR experience.

• Contributes to the implementation of the privacy program and subsequent monitoring.

• Supports the development, maintenance, and revision of policies and procedures for the general operation of the privacy program and related activities across business units.

• Reports, on a regular basis, on the progress of specific tasks related to the privacy program implementation.

• Periodically assists with revisions to the privacy program in light of changes in laws or regulations; develops or revises policies or procedures to reflect industry standards, as directed.

• Contributes to the privacy training and awareness program; develops and presents privacy trainings and tracks compliance to training requirements.

• Engages in third‑party relationship management and helps to review third‑party risk assessments to ensure proper privacy controls are implemented at organizations that the company engages.

• Assists in investigating and responding to reported privacy violations in collaboration with management, legal and human resources.

• Coordinates investigations and acts on matters related to privacy, including internal investigations (e.g., responding to reports of problems of suspected violations) and suggests corrective actions (e.g., making necessary improvements to policies and practices, etc.); maintains a repository of such investigations and their findings.

• Conducts risk assessments (including Privacy Impact Assessments) and analyzes privacy regulations to identify areas for improvement, as needed.

• Responds to requests from data subjects requesting access and/or amendment rights to their data.

• Maintains knowledge of applicable international, federal, state and local regulatory agency guidelines and laws.

• Stays current on privacy topics and seeks out appropriate training, as necessary.