Tech Our Way

The Data Privacy Analyst will work within the Cybersecurity function with a focus towards strengthening privacy controls within systems/applications deployed by the organization.
The Data Privacy Analyst will liaise with business and project stakeholders to elicit, analyse, communicate and validate data privacy requirements as a result of changes to business processes and information systems. This position requires an ability to understand and translate data privacy standards into usable business requirements and thereby embed a culture of privacy by design into the organization

Key Responsibilities 
 

• Work across all Technology projects to ensure security and data privacy requirements are fully documented and understood. Ensure all new projects build in the appropriate security controls and measures to comply with the Technology GDPR / Security Stage Gates and standards
• Collaborate with the Legal compliance team on Data Privacy Impact Assessments for high risk data processing activities
• Ensure that all projects follow the PMO gate governance process and complete GDPR / Security impact assessments before going live
• Work with project teams on an ongoing basis supporting them to build in data privacy requirements from the start
• Be a proficient system analyst to analyse privacy gaps in projects / systems & applications and work with the project team to bring them to closure
• Collaborate with business streams, Cyber Team members, Legal team and Operations personnel to advance our Data Privacy programme
• Perform Data Protection assessments / gap analysis and assessing controls across the lifecycle of personal data
• Develop creative ways of embedding Privacy requirements into key operational processes, in a way that allows business stakeholders to clearly understand their compliance duties.
• Support Legal, Compliance, Information Security, and the DPO in performing due diligence and contracting with new third parties. This will involve assessing privacy and information security controls and standards, reviewing and recommending Privacy & Data Protection contractual requirements and coordinating across the business to communicate and remediate risks associated with new third party relationships.
• Work with information gathered from multiple sources, be able to evaluate true security / data privacy impact, ensuring that proposed solution/s are reconciled with all security standards and controls.
• Ensure that the Security and Data Privacy Non-Functional requirements are kept up to date in accordance with Primark’s Policies and Standards

Knowledge & Experience Required:

• 3+ years focused on Information Security / GDPR and a proven track record working on security / privacy projects
• Working knowledge of Privacy & Security principles, techniques and technologies.
• Privacy experience within a retail or regulated environment
• An appropriate degree, equivalent qualification or experience
• A recognised Privacy / security certification is desirable e.g. CIPPE, CIPM, CISM, CISA, CISSP or CRISC
• Knowledge of security tooling is desirable – for example Varonis

Successful candidates will:

• Be a passionate professional able to inspire others to challenge and disrupt the current reality to co-create a compelling technology/cyber security orientated future business by embracing new ways of working and successfully executing new opportunities
• Possess excellent communication and influencing skills with the ability to operate within a pressurised and fast paced environment, delivering results and achieving objectives in line with the agreed parameters.