Senior Privacy & Compliance Analyst

Epson is a global technology leader whose philosophy of efficient, compact, and precise innovation enriches lives and helps create a better world.  The company is focused on solving societal issues through innovations in home and office printing, commercial and industrial printing, manufacturing, visual and lifestyle. 

This is a remote position.
 
The Senior Privacy and Compliance Analyst will be responsible for supporting Privacy and Compliance Strategy Planning for the Americas, which may include the following: 

• Conduct gap analyses and assessment of the privacy program, with a focus on third party risk management.
• Assist in developing a strategic road map to evolve the privacy and third-party risk management programs.
• Ensuring compliance with North and South American privacy and data protection laws and regulations, including:
  • CCPA/CPRA and other US state privacy laws
  • Canada’s PIPEDA and Quebec’s Law 25
  • Mexico’s LFPDPPP
  • Brazil’s LGPD

Principal Accountabilities:
In addition to following Epson's policies and procedures, Principal accountabilities include, but are not limited to:

• Assist with privacy and third-party risk management strategic planning and implementation.
• Enforce policies and procedures related to data protection and third-party risk management.
• Provide regular program status reports and metrics to management.
• Assist with internal and external program audits and assessments.
• Conduct privacy impact assessments (PIAs) to assess and mitigate risks related to processing, transmission, and storage of personally identifiable information (PII).
• Participate in new business initiatives and product development activities to champion privacy-by-design principles and identify and escalate privacy considerations.
• Collaborate with and assist business units to develop corrective action plans for identified privacy compliance issues.
• Continuously monitor the status and effectiveness of privacy controls.
• Ensure privacy-related key risk indicators are effectively monitored to prevent an unacceptable impact on business objectives and reputation.
• Update and re-evaluate the extent to which customer and employee information is collected and shared internally and externally.
• Maintain registry of data stores and processes involving personal data.
• Develop and drive privacy and third-party risk management training and awareness campaigns.
• Respond to data subject requests (DSRs).

What will you bring:

• Completion of an undergraduate program (Pre-law or Computer Science related fields) or equivalent experience.
• At least five (5) years of experience in data privacy and third-party risk management program development and management.
• Privacy Certifications such as:
  • IAPP: CIPP/US, CIPP/C, CIPM, or CIPT
  • ISACA: CDPSE
• Third Party Risk Management Certifications such as:
  • Shared Assessments: CTPRP, CTPRA
  • Third Party Risk Institute: C3PRMP
• Ability to obtain buy-in from key business and technology stakeholders for key data privacy and third-party risk management initiatives.
• Strong program and/or project management skillset with proven experience managing concurrent initiatives.
• Demonstrated ability to understand and articulate the complexity of business processes and develop practical communication plans based upon those needs.
• Prior consulting experience in data protection and/or third-party risk management.
• Proficiency with OneTrust and Navex.
• Excellent communication (verbal and written), facilitation, and interpersonal skills, including the ability to influence across all levels of an organization.
• Inquisitive, adaptive, and agile learner.
• A hands-on practitioner with the ability to shift between operational and strategic mindsets.
• Highly motivated self-starter with the ability to work collaboratively and independently.
• Must be able to work Pacific time zone hours.