Sr Compliance & Privacy Analyst

Welcome to Aventiv! Please watch this brief video to find out if this is the place you want to be!

Aventiv Technologies – Where your future awaits - YouTube

**Associate Referral Reward Eligible**

Job Purpose: This role is responsible for assisting with the development, implementation, and maintenance of the company's ethics, compliance, and privacy programs. The Senior Analyst will conduct risk assessments, monitor compliance activities related to relevant laws and policies, and manage privacy requirements to safeguard sensitive data and uphold the organization's ethical standards. The role also supports privacy operations, incident response, third-party reviews, and program documentation, including operationalizing privacy-by-design through standardized processes, templates, training, and cross-functional coordination. 

Essential Duties:

• Assist in the development, implementation, and oversight of the corporate Ethics & Compliance Program, including the ethics hotline and related policies. 
• Serve as a point of contact for internal stakeholders, providing guidance and answering questions related to compliance policies, ethical conduct, and privacy laws. 
• Conduct privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) for new and existing projects, products, and processes. 
• Manage the process for handling Data Subject Access Requests (DSARs), ensuring timely and compliant responses in accordance with regulations like CCPA/CPRA. 
• Conduct third-party and vendor due diligence reviews to identify and remediate compliance, security, and privacy risks. 
• Utilize investigative tools to research and analyze potential conflicts of interest, ethical violations, and compliance breaches. 
• Develop, maintain, and enhance reporting to track key performance indicators (KPIs) and key risk indicators (KRIs) for the ethics, compliance, and privacy programs. 
• Assist in creating and delivering compliance and privacy training and awareness campaigns for all employees. 
• Collaborate with legal, IT, and information security teams to ensure that privacy-by-design principles are embedded in the development of new technologies and business initiatives. 
• Manage end-to-end privacy (including HIPAA) incident response, including intake, triage, investigation, mitigation tracking, closure, and support for notification determinations and communications. 
• Coordinate cross-functional privacy incident response activities with Legal, IT, Information Security, Compliance, HR, and Operations to ensure timely, well-documented resolution. 
• Perform privacy (including HIPAA) breach risk assessments using best practices such as the four-factor methodology and maintain incident logs, supporting evidence, and remediation records. 
• Develop and maintain privacy templates, policies, procedures, risk registers, SOPs, workflows, intake forms, and dashboards to support consistent operations, visibility, and reporting. 
• Maintain records of processing activities, data inventories, incident documentation, and evidence repositories required to support compliance and audit readiness. 
• Track privacy requests, investigations, remediation items, and compliance deadlines, and use privacy management, ticketing, and documentation platforms to preserve evidence, generate reports, and support continuous improvement. 

Knowledge, Skills, and Abilities:

• Strong understanding of general ethics and corporate compliance principles. 
• In-depth knowledge of privacy laws and regulations, such as GDPR, CCPA/CPRA, and other relevant data protection frameworks. 
• Experience with privacy risk management and conducting privacy assessments. 
• Ability to take initiative, make key decisions, and work both independently and collaboratively within a team. 
• Excellent verbal and written communication skills with the ability to translate complex legal and regulatory requirements into practical business guidance. 
• Highly organized, detail-oriented, and able to manage competing priorities. 
• Proficiency in MS Office and experience with Governance, Risk, and Compliance (GRC) or privacy management software (e.g., OneTrust, TrustArc, etc.). 
• Strong knowledge of HIPAA privacy and security requirements, breach notification obligations, and privacy

Minimum Qualifications:

• Highschool Diploma or GED 
• 5+ years of experience in a compliance or legal role, with at least four years focused on ethics and/or data privacy. 
• Proven background in conducting research and analysis for vendor due diligence and compliance investigations. 
• Demonstrated experience supporting compliance and privacy programs, adhering to policies and procedures to meet legal and regulatory requirements. 
• Hands-on experience with privacy incident intake, investigation, documentation, remediation tracking, HIPAA-related incident response or breach analysis, and privacy assessments with supporting logs, documentation, or evidence. 

 Preferred Qualifications:

• Bachelor’s Degree in Business, Law, or a related field. 
• Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Compliance & Ethics Professional (CCEP), Leadership Professional in Ethics & Compliance (LPEC) or similar credentials. 
• Experience with implementing and managing a Data Subject Rights (DSAR) program and managing an ethics hotline. 
• Past background in roles related to ethics, data governance, and third-party risk management. 
• Degree in Privacy, Information Management, Health Information Management, or a related field. 
• Professional certifications such as CHPC, CHPS, HCISPP, or similar healthcare privacy or information governance credentials. 
• Experience supporting HIPAA breach notification analysis, records of processing activities, formal privacy program documentation, and workflow or case management tools such as ServiceNow or Jira. 

Physical Requirements:

• While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear, and use hands and fingers to operate a computer, telephone, and office equipment. 
• Occasionally may need to reach, stoop, or kneel. 

Salary and Benefits:

At Aventiv, our salary and benefits are designed to fit you as a whole person. We offer a salary range based on experience and qualifications to ensure your unique contributions are met with our most competitive offer.

• $95,846.29 - $110,000 per year
• Eligible for $255 to purchase company equipment (keyboard, monitor, headset, etc.)
• Health Insurance
• 401(k)
• Disability
• Life Insurance
• Paid Time Off
• Voluntary Benefits

Aventiv Privacy Policy:

www.aventiv.com/privacy

Equal Employment Policy:

Aventiv is proud to be an equal opportunity employer. All decisions regarding recruiting, hiring, promotion, assignment, training, termination and other terms and conditions of employment will be made without regard to race, color, national origin, biological sex, sexual orientation, gender identity, gender expression, gender presentation, religion, age, pregnancy, disability, work-related injury, veteran status, genetic information, marital status, or any other factor that the law protects from employment discrimination. We do not discriminate based on genetic information in accordance with the Genetic Information Nondiscrimination Act.