Senior Analyst - Data Privacy (AMC 66780) Orange, CT or Rochester, NY in Orange, CT at Avangrid

Date Posted: 9/24/2018

Job Snapshot

Job Description

Publication date: 24.09.2018
REFERENCE: 5102036201

Company: AVANGRID Management Company (AMC)
Department: Physical and Cyber Security
Job Title: Senior Analyst - Data Privacy
Reports to: Manager - Privacy
Location: Orange, CT or Rochester, NY
Cross Company Responsibility: Yes

Business and Department


Scope of Work - Main duties, settings, geography, reporting relationships, other relationships:

The Senior Data Privacy Analyst will play a key role within the Corporate Security; Cyber Security & Privacy
department by ensuring that the appropriate controls and mechanisms are implemented to protect AVANGRID
data/information from internal and external threats and vulnerabilities in alignment with Corporate Security policies,
rules, procedures, industry best practice , standards and state and federal regulations.

MAJOR ROLES AND RESPONSIBILITIES (Scope of work - range of responsibilities):

- Perform privacy impact assessments utilizing NIST SP800, GAPP and/or OECD privacy frameworks.
- Perform third party risk evaluations and assessments on vendors and other third parties with which AVANGIRD
data is shared, stored, processed or transmitted to ensure that proper security controls are in place.
- Provide review of AVANGRID agreements being negotiated with vendors and other third parties with which
AVANGRID data is shared, stored, processed or transmitted to ensure that AVANGRID privacy, data breach, and
confidentiality requirements are met.
- Perform initial and periodic risk assessments and other necessary to identify, measure and mange identified third
party risks.
- Partner and coordinate closely with internal stakeholders' areas to facilitate and evaluate third party relationships.
- Provide third party and privacy controls and requirements during RFP and RFIs.
- Maintain listing and knowledge of state data breach notification laws, applicable state and federal security laws
and GDPR.
- Work with the privacy manager in the event of privacy incident.
- Provide third party risk assessment and Risk Exception and Acceptance process training to the businesses.

- Maintain the third party risk and exceptions databases.
- Work with the Manager Privacy on REV related cyber security and privacy issues.
- Participate in privacy related projects with HR, Customer Service and IT.


Education & Experience Required:

• Bachelor's degree preferably in business, pre-law, technology, information security, or related field, plus seven (7)
years minimum related experience in a privacy, legal, or security compliance and governance capacity; or
equivalent combination of education and experience.
• Master's degree in business, pre-law, technology, information security, or related field preferred.


• Ability to communicate complex concepts or ideas in a confident and well-organized manner
• Ability to build effective relationships with key stakeholders
• Ability to lead work processes and work independently
• Ability to communicate with business areas to ensure business needs are being addressed effectively
• Ability to travel occasionally, perform after-hours project related work, and provide on-call support as needed
• Strong analytic, problem solving and decision-making skills
• Advanced knowledge of GAPP and OECD privacy frameworks
• Advanced knowledge of industry standards and best practices ISO 27000, NIST SP800, PCI, etc.
• Advanced knowledge of audit controls and standards when performing third party risk assessments including SOC
TSP, COBIT, COSO, NIST and ISO and the ability to review and provide feedback on SOC reports
• Advanced knowledge of state data breach laws and GDPR


• Information Security (CISSP, CISA) required
• Privacy (CIPP/US and CIPP/E) required
• Privacy (CIPP/IT) preferred
• Third-party assessment certifications (CTPRP) preferred
• Working knowledge of PCI-DSS preferred

This opportunity will offer
AVANGRID is an Equal Opportunity / Affirmative Action employer. AVANGRID shall abide by the requirements of
41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified
individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination
against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin.
Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to
employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation,

gender identity, or national origin, protected veteran status or any other status protected by federal, state, or local
law. The Company is committed to a policy in all of its employment practices of equal opportunity without regard to
race, color, religion, sex, sexual orientation, gender identity, or national origin, disability, religion, marital status,
veteran status, sexual orientation, or other protected status.

If you are an individual with a disability or a disabled veteran who is unable to use our online tool to search for or to
apply for jobs, you may request a reasonable accommodation by contacting our Human Resources department at
877-387-9061 or