Privacy Analyst

What you'll do

• Own the end-to-end Privacy Incident Management program, including notification workflows, escalation paths, process documentation, responder enablement, and automation opportunities.
• Lead privacy incident response as the DRI and Incident Commander, coordinating across Privacy, Privacy Legal, CSIRT, Product, Engineering, and Communications to drive analysis, remediation, and follow-through.
• Maintain on-call readiness to support privacy incident triage, severity classification, and urgent escalations, ensuring incidents are correctly assessed and routed.
• Drive privacy incident retrospectives, track resulting remediation items and control gaps, and deliver incident metrics and reporting covering trends, remediation status, and process health.
• Build and maintain strong cross-functional and cross-geography stakeholder relationships to improve readiness, response quality, and business accountability.
• Support broader Privacy initiatives during lower-volume periods, including cross-functional efforts, tooling development, and automation projects.

Required Skills and Experience

• 3+ years of experience in privacy, security, incident response, technology risk, or a related operational risk function, including direct experience leading or supporting incident, issue, or risk workflows requiring structured analysis, documentation, and cross-functional coordination.
• Strong incident management skills with experience communicating privacy risk and incident findings to both technical and non-technical audiences, including producing written incident analyses, retrospective documentation, and executive-level summaries.
• Proven track record of leading technical investigations within cloud-native architectures, with hands-on proficiency in SQL, Python, and data analysis tools (e.g., Postgres, MongoDB, Airflow, Looker, Snowflake).
• Demonstrated experience building automation to reduce manual operational tasks and improve incident response efficiency.
• Working knowledge of privacy regulations and frameworks (e.g., GDPR, CCPA, PIPEDA, ePrivacy, DPIAs/PIAs, ROPA, data subject rights), privacy controls, and privacy issue management.
• Utilizes and builds generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.