Senior Privacy and Security Analyst

Rightway

$105k-$145k
Remote - Worldwide

Summary

Join Rightway Healthcare as a Privacy & Security Analyst and contribute to strengthening our privacy and security assurance capabilities. You will design and execute the company's privacy roadmap, manage data subject access requests, support privacy impact assessments, and expand GRC tooling. Responsibilities include documenting control activities, assisting with audits, maintaining a repository of security documentation, supporting AI risk and governance controls, conducting vendor risk assessments, collaborating on customer RFPs, and partnering with legal on agreements. The ideal candidate has at least 3 years of experience in a privacy-oriented role in a regulated environment, a CIPP certification or similar, and familiarity with relevant compliance frameworks. A passion for privacy programs and interest in emerging technologies are also desired. The salary range is $105,000-$145,000/yr.

Requirements

  • Minimum of 3 years in a heavily privacy-oriented role in a regulated environment
  • Maintains a Certified Information Privacy Professional (CIPP) or similar certification
  • Familiarity with security/privacy compliance frameworks and regulations (e.g., SOC 2, ISO 27001, NIST, HIPAA, HITRUST, NY DFS)
  • Experienced with third-party risk management broadly and from a privacy perspective
  • Experience responding to customer due diligence inquiries, e.g., questionnaires
  • Strong organizational skills and the ability to manage multiple tasks and deadlines simultaneously
  • Passionate advocate for Privacy Programs, believing that these are not merely check box activities, but vital tools that significantly improve privacy posture and protect the organization

Responsibilities

  • Contribute to the design and execution of the company's privacy roadmap, including the rollout of new policies, tooling, and operational workflows
  • Design, implement, and oversee processes, procedures, and operational workflows for managing and fulfilling data subject access requests (DSARs) and privacy-related inquiries
  • Support the execution and documentation of privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)
  • Initiate and expand GRC tooling to provide privacy control coverage and control health monitoring
  • Document and track completion of control activities and escalate issues where needed
  • Assist with internal and external audits, ensuring timely and complete evidence collection and review
  • Maintain and continuously improve a centralized repository of commonly requested security documentation and artifacts (e.g., SOC 2, SIG, CAIQ)
  • Support the implementation and operationalization of AI risk and governance controls in alignment with ISO/IEC 42001 and emerging regulatory guidance. Monitor AI systems for compliance with ethical and legal standards
  • Conduct initial and periodic vendor risk assessments, ensuring that third parties meet Rightway's privacy, security, and other compliance standards
  • Track and follow up on remediation plans and risk treatment for vendors
  • Support automation and optimization of the vendor risk assessment lifecycle
  • Collaborate with the Security GRC Manager to respond to customer privacy and security RFPs, questionnaires, and assessments
  • Partner with legal on language of BAAs and Data Protection Agreements

Preferred Qualifications

Interest in emerging technologies and willingness to develop subject matter expertise in AI risk and compliance

Benefits

$105,000-$145,000/yr