Privacy & Data Security Analyst

Overview

Ready to write your story? Join MoFo as a Privacy & Data Security Analyst on our Information Technology team! This role can be based in San Francisco, Palo Alto, Los Angeles, or San Diego. Office Locations:

The Privacy & Data Security Analyst, aligned with Information Security objectives and firm priorities, is responsible for executing and coordinating day‑to‑day privacy operations embedded within the Information Security function. The Analyst partners closely with the Data Governance Lead and GRC Lead and coordinates with Legal stakeholders for interpretation and approvals where required. The role also ensures client service and satisfaction across all areas of responsibility.

• Operate the Firm’s privacy intake process, including monitoring mailboxes/queues, acknowledging requests, gathering required context, and routing to appropriate reviewers.
• Track requests through completion with clear ownership, timelines, and closure documentation.
• Maintain organized records of requests, decisions, approvals, and supporting evidence for audit and client readiness.
• Escalate novel or high‑risk matters to Info Sec and Legal using defined triggers.
• Coordinate workflow artifacts (DSARs, PIAs, DPIAs, TIAs), ensuring inputs, documentation, approvals, and follow‑ups are completed.

• Support privacy‑by‑design within Security‑by‑Design reviews by gathering key inputs (data categories, purpose, retention, sharing, access).
• Prepare decision‑ready summaries outlining processing context, risk considerations, and required approvals.
• Promote repeatable standards and playbooks to improve consistency and efficiency.

• Coordinate privacy components of vendor onboarding and system changes, emphasizing data minimization, appropriate use, retention, and sharing constraints.
• Partner with Procurement and business stakeholders to gather inputs and document outcomes.
• Maintain review artifacts and track remediation actions to closure.
• Route matters to Legal for review/approval when required.

• Conduct structured data inventory activities using standardized templates.
• Maintain accurate, defensible processing records as systems, vendors, and processes evolve.
• Coordinate documentation and evidence for privacy assessments (including DPIAs).
• Support audits and client inquiries by organizing and presenting privacy documentation.

• Coordinate updates to privacy notices and disclosures, including stakeholder input, version control, and Legal review.
• Maintain repositories of approved language, rationale, and change history.
• Support maintenance of internal privacy guidance (FAQs, templates, standards).

• Coordinate privacy‑related inputs for the Info Sec training program (topics, audiences, review requirements).
• Track training completion and coverage metrics; prepare summary reporting for leadership.
• Coordinate Legal review of training content as needed.

• Support documentation and routing of privacy‑related incidents in coordination with Info Sec.
• Ensure appropriate escalation, tracking, and record retention.
• Maintain incident documentation for audit and regulatory readiness.

• Bachelor’s degree required.
• 3‑5 years of experience in privacy, compliance, governance/risk support, Info Sec/GRC coordination, or a similar operational role.
• Experience managing structured workflows (intake, triage, documentation tracking, and closure) across multiple stakeholders.
• Strong organizational, documentation, and follow‑through skills; able to manage multiple parallel requests and deliverables across stakeholders.
• Clear, concise written communication, including summaries, decision logs, and audit/client‑ready documentation.
• Sound judgment with appropriate escalation of risks or uncertainties; high discretion in handling sensitive information.
• Ability to collaborate effectively…