Summary of This Role

The Analyst, Data Security and Privacy role is an exciting opportunity to bring about data driven transformation and drive execution of enterprise-wide governance and management of data assets.
As a member of the Enterprise Data & AI Governance (EDAiG) program, the Analyst, Data Security and Privacy role is responsible for executing data asset management standards and driving adoption of the data asset management framework, with an emphasis on working with enterprise, data, and business stakeholders to identify and highlight where sensitive data exists within the organization. The Analyst will leverage tools and collaborate with Information Security to provide visibility into on-premises and cloud-hosted data stores, classify data, and validate security controls in-place to secure data at-rest. The Analyst will also collaborate with Privacy to confirm where personal data is stored/processed, determine data subject categorization, capture business purpose/need associated with processing activities, and implement data minimization practices (i.e., retention and destruction).
The Analyst will also lead the implementation of the enterprise Issue Management Standard on behalf of the EDAiG program for identified data risk and issues. The Analyst will coordinate with business, data, and risk stakeholders to execute issue management processes, including identification, intake, analysis, prioritization, remediation/acceptance, and closure of identified gaps. The Analyst is a visible role across the enterprise, engaging with business, technology, and corporate functions to define and document data requirements, collect artifacts and streamline practices, research and curate documentation, and implement process improvements.

What Part Will You Play?

• Assist the EDAiG program in working with Information Security, Privacy, Data Owners/Stewards/Custodians, Risk, Compliance, IT, Legal, Internal Audit, and business stakeholders to ensure data security and privacy requirements are implemented and enforced consistently for structured and unstructured data throughout GPN’s on-premise and cloud environments.
• Employ data discovery tools (specifically Informatica Enterprise Data Catalog, Data Quality, and Axon) to identify sensitive data, ensure implementation of GPN’s Data Classification Standard, validate protection of sensitive data at-rest, and capture sensitive data locations and business usage.
• Engage with Privacy, Data Stewards/Custodians, and business stakeholders to validate where personal data is stored/processed, capture business purpose/need, maintain sensitive data inventories, and ensure data use assessments in OneTrust accurately reflect current business processing activities and applicable data subjects.
• Engage with Data Stewards, IT, Information Security, and Enterprise Architecture stakeholders to ensure organizational inventories accurately capture data asset deployment information, hosting locations, and SaaS/PaaS/IaaS usage.
• Assist the EDAiG program in working with Information Security, Privacy, Data Owners/Stewards/Custodians, Risk, Compliance, IT, Legal, Internal Audit, and business stakeholders to inventory, prioritize, manage, remediate, and monitor data risks and issues.
• Serve as the EDAiG program’s primary representative for intake, classification, and rating of data risks and issues identified via assessments, EDAiG technology (e.g., sensitive data discovery scans), the enterprise Self-Identified Risk Process, and other risk management activities.
• Support the initial review and vetting of newly discovered data quality issues (e.g., identified via data quality rules, checks, and assessments), including working with Business Unit Data Stewards, EDAiG team members, and associated business stakeholders to determine the appropriate prioritization, rating, and system for entry/tracking (e.g., Jira, Rally, Archer, etc.).
• Manage the documentation of identified data risk and issues within RSA Archer as the Issue Author, including entering initial/known issue date, assigning issue/remediation/acceptance ownership, and populating other necessary metadata (i.e., source, description, risk, business unit, related assets and processes, etc.) in the Issue record and associated Remediation or Acceptance records.
• Provide oversight of data risk and issues within RSA Archer by obtaining/reviewing initial treatment plans, monitoring remediation status and requesting updates, monitoring risk acceptances approaching expiration and initiating the extension process, and approving risk acceptances and extensions.
• Work with Issue Owners, Remediation Plan Owners, Remediation SMEs, and EDAiG team members to approve the closure of risk acceptances, confirming issue remediation, and approving issue closure.
• Work with BU team and EDAiG leadership to define and provide key metrics for reporting, escalation, and communication of data risk and issue status, remediation timelines, and aging/overdue remediation/acceptance plans, milestones, and due dates.
• Work collaboratively as part of the EDAiG team to improve data documentation and drive continuous improvement of the data governance process, with a specific focus and emphasis on data risk and issue management.
• Participate in risk and issue management forums, working groups, and intake review cadences to ensure appropriate implementation of and adherence to the enterprise Issue Management Standard.

What Are We Looking For in This Role?

Minimum Qualifications

• Bachelor’s Degree in Computer Science, Management Information Systems, or equivalent combination of education and applicable job experience
• 2+ years of experience supporting and executing enterprise risk management, data governance, privacy, and/or information security processes and procedures.
• 2+ years of experience working in a complex technology-driven business and cross-functional environment supporting and executing issue management processes and procedures.
• Experience working with Governance, Risk, and compliance (GRC) tools, in particular RSA Archer, and Agile methodology/operations tools, such as Jira and Rally.
• Experience moving technical or business driven projects from inception to delivery, including tracking of action plans, milestones, deliverables and completion dates.
• Experience creating, maintaining, and tracking metrics, KPIs, and KRIs, including dashboarding with data visualization tools.
• Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of stakeholders (i.e., internal/external business, technology, risk, and data governance teams).
• Analytical and problem-solving skills to examine identified risks and issues and relate them to appropriate enterprise policies, standards, and requirements.
• Excellent presentation, persuasion, written, and interpersonal skills, including procedure and technical materials and presentations.
• Ability to understand and synthesize technical details and processes in order to produce clear summaries for communication and reporting across multiple stakeholder and leadership groups.
• Ability to contribute and collaborate as a team member while working proactively and independently.
• Ability to act as an ambassador for the organization’s data and risk culture.

Preferred Qualifications

• 2+ years of experience in a financial institution setting and/or within the payment industry.
• Experience with data management/data governance practices and approaches, including a keen understanding of the role of data governance in successful implementation of data strategy.
• Experience with complex data management engagements and use of data governance tools, specifically Informatica Axon, Enterprise Data Catalog, and Data Quality.
• Knowledge of Information Security principles, as well as data privacy and protection regulatory requirements.
• Knowledge of information and data risk concepts, including data privacy/security safeguarding methods, and ability to relate business needs to data protection controls.
• Experience with data governance, data quality, and data discovery tools (e.g., Informatica).

What Are Our Desired Skills and Capabilities?

• Skills / Knowledge - A seasoned, experienced professional with a full understanding of area of specialization; resolves a wide range of issues in creative ways. This job is the fully qualified, career-oriented, journey-level position.
• Job Complexity - Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Networks with senior internal and external personnel in own area of expertise.
• Supervision - Normally receives little instruction on day-to-day work, general instructions on new assignments.