Data Governance Privacy Analyst

The Enterprise Data Governance Privacy Analyst supports the Enterprise Data Governance program by embedding privacyaware practices into existing processes and integrating privacy considerations into enterprise data management. This role emphasizes data visibility, classification, lifecycle governance, and responsible data use to ensure privacy requirements are consistently incorporated into governance activities.

Working closely with Risk & Compliance, Information Security, Legal, and Technology teams, the analyst helps operationalize privacy requirements through core data governance practices, including data mapping, classification, stewardship, and metadata management. This position contributes to the organization's broader privacy and risk management objectives by increasing transparency into how data is collected, used, stored, and shared across the enterprise.

Duties and Responsibilities

• Provide guidance and consultation on Enterprise Data Governance privacy initiatives by serving as a subject matter expert (SME) to the enterprise.
• Maintain an active inventory of applicable federal, state, and local privacy laws and other regulations impacting Data Governance processes.
• Review data lineage and analyze data flows, data usage, and data lifecycle processes to support the integrity of the Enterprise Data Governance Program.
• Partner with Lines of Business to review and complete data mapping, lineage tracking, data classification, and asset profiling activities.
• Collaborate with Cybersecurity, Network Operations, Compliance, and Vendor Risk teams to support privacybydesign practices.
• Develop bestpractice guidelines to ensure appropriate privacy controls are implemented for sensitive and restricted data across cloud and onpremises environments.
• Partner with the Chief Data Officer and the Data Steward Program to embed privacy standards across enterprise systems, applications, projects, and operational processes.
• Draft, maintain, and update data governance privacy policies, procedures, and standards that support the Enterprise Data Governance Program.
• Develop privacy reporting dashboards and metrics to monitor compliance and measure program maturity.
• Monitor regulatory developments and evolving privacy frameworks to support ongoing organizational compliance.
• Support Data Loss Prevention (DLP) initiatives in coordination with Cybersecurity teams, with a focus on data classification and sensitivity labels.
• Assist with privacy program reporting and the preparation of executivelevel presentations for leadership and governance committees.
• Maintain documentation related to privacy compliance activities, assessments, and risk mitigation efforts.

Experience Requirements

3-5 years of experience in a data privacy, compliance, or data governance role, preferably within the financial services industry or another highly regulated environment.

• 3-5 years of experience using Informatica, Purview, or a data catalog to support data classification, sensitivity labeling, retention codes, data mapping, and data lineage within an Enterprise Data or Information Governance program (preferred).
• Demonstrated knowledge of data privacy regulations and frameworks, including U.S. state privacy laws, GDPR concepts, and industry regulatory expectations.
• Experience implementing privacy controls across the data lifecycle, including collection, storage, use, sharing, and deletion.
• Experience supporting Data Subject Access Request (DSAR) processes and privacy request workflows.
• Intermediate experience working with relational databases and the ability to use SQL queries.
• Experience with data classification frameworks and sensitive data identification.
• Proficiency with Microsoft Office tools, including Excel, PowerPoint, and Word.
• Working knowledge of how enterprise applications, infrastructure, and architecture influence data privacy risk.

Educational Requirements

Bachelor's degree in Data Science, Analytics, Information Systems, MIS, Cybersecurity, or a related field preferred.

• Equivalent experience in Records and Information Management (RIM), Information Management (IM), or Information Governance (IG) may be considered in lieu of formal education.
• Preferred certifications such as CIPM, CIPT, CDPSE, IAPP, IGP, CIPP, CDPSE, CISSP, CDPO, CDP, AIGP, AIGP-AI, CIPPE, CIPPA, CIPPC, CDMP, CRISC, or similar data privacy or data security certification.