"Alerted.org

Privacy Analyst

Required Qualifications** **(as evidenced by an attached resume):

Bachelor’s degree (foreign equivalent or higher) in Information Systems, Compliance, Legal Studies, Public Policy, Risk Management, or a related field. Three (3) years of full-time experience in privacy, compliance, or related field. Knowledge of and experience working with privacy regulations and standards (e.g. FERPA, PIPL, HIPAA, GDPR, CCPA, GLBA). Experience providing education and training to constituents, including content development and delivery of public speaking presentations. Must have, keep and maintain the appropriate valid NYS Driver’s License; have a motor vehicle record which is free from major violations or a pattern of repeat violations. **(***Out-of-State Applicants, see "Special Notes”).**

Preferred Qualifications:

Master’s degree (foreign equivalent or higher) or an Advanced Certification in a relevant field. Professional certifications such as CIPP/US, CIPP/E, CIPM, or equivalent. Experience in higher education, healthcare, or research-intensive organizations. Familiarity with information security frameworks (e.g. NIST, ISO).

Brief Description of Duties:

The Privacy Analyst supports the Chief Privacy Officer in maintaining and enhancing the University’s privacy program. This role focuses on assessing policies, procedures, and operational practices to ensure compliance with federal, state, and international privacy regulations. The Privacy Analyst plays a significant role in safeguarding the privacy and security of sensitive information by conducting ongoing privacy risk assessments, implementing improvements, and assisting in training stakeholders to safeguard sensitive information across academic, research, clinical, and administrative functions. The successful candidate will demonstrate strong analytical, organizational, and problem-solving skills as well as excellent written and verbal communication skills. The incumbent will explain privacy concepts to diverse audiences and collaborate effectively across multiple departments and with senior leadership.

+ **Privacy and Compliance:**

+ Work with the CPO, the Director of Risk Management and Policy Compliance and all policy owners across the enterprise to assess institutional policies, procedures, and operations to ensure compliance with applicable privacy laws, regulations, and best practices.

+ Support the development, implementation, and continuous improvement of privacy policies, guidelines, and procedures, while providing feedback and recommendations.

+ Monitor changes in privacy regulations and advise the CPO on implications and required actions.

+ Respond to general privacy inquiries from employees, students, and third parties; provide accurate information and sound guidance as appropriate.

+ Maintain current knowledge of applicable federal, state, and international privacy and other compliance-related laws and accreditation standards.

+ **Risk Assessment and Reporting:**

+ Conduct risk assessments to identify potential privacy vulnerabilities.

+ Participate in privacy audits, compliance reviews, and mitigation strategies which may include privacy impact assessments (PIAs) for new systems, technologies, and business processes.

+ Prepare reports and metrics to inform the CPO and leadership on privacy risks and trends. Assist with the development and management of privacy program metrics, reports, and dashboards, and provide recommendations for program enhancement.

+ Work on projects and initiatives with the Data Governance Council on projects and initiatives involving data ownership and transfer, data inventory and mapping, data classification to ensure alignment with privacy policy and regulations etc.

+ Coordinate initial and periodic privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the university's other compliance and operational assessment functions.

+ **Training and Awareness:**

+ Support the development and delivery of training programs through various methods and modalities for faculty, staff, and others on privacy policies and best practices.

+ Promote a culture of privacy awareness across the University.

+ Work collaboratively with the Division of Information Technology, Office of General Counsel, Procurement, OVPR, and other stakeholders on areas with significant privacy components.

+ Responsible for drafting content and presentation collateral for the University’s privacy website.

+ **Incident Response and Advisory:**

+ Assist in investigating and documenting privacy incidents and privacy incident response processes, including review of reported incidents, remediation, process recommendations, and reporting of potential data events and incidents.

+ Provide guidance on privacy considerations for new systems, technologies, and data-sharing agreements.

+ Collaborate with stakeholders to address privacy issues proactively.

+ **Other duties or projects as assigned as appropriate to rank and departmental mission.**

Special Notes:

This is a full-time appointment. FLSA Exempt position, not eligible for the overtime provisions of the FLSA. Minimum salary threshold must be met to maintain FLSA exemption.

In addition to the employee's base salary, this position is eligible for $4,000 UUP annual location pay, paid biweekly.

**Essential Position:** This has been designated as an essential position based on the duties of the job and the functions performed. Positions that are designated as such may be required to report to work/remain at work even if classes are canceled, and the campus is working on limited operations in an emergency.

Evening and weekend work will be required at times.

***Out-of-State Applicants: Please note as a condition of employment and in order for this position to be tendered, the successful incumbent will be required to provide evidence of a valid license and driving abstract from the state issuing the license within five business days of a conditional offer and must obtain a NYS driver's license within 30 days of start date.

For this position, we are unable to sponsor candidates for work visas.

Resume/CV and cover letter should be included with the online application.

_Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws._

If you need a disability-related accommodation, please call the university Office of Equity and Access (OEA) at (631) 632-6280 or visit OEA (https://www.stonybrook.edu/commcms/oea/) .

_In accordance with the Title II Crime Awareness and Security Act_ a _copy of our crime statistics can be viewed_ here (https://www.stonybrook.edu/police/) _._

Visit our WHY WORK HERE (https://www.stonybrook.edu/jobs/working-here/) page to learn about the **total rewards** we offer.

The starting salary range (or hiring range) to be offered for this position is noted below, it represents SBU’s good faith and reasonable estimate of the range of possible compensation at the time of posting.

**Job Number:** 2503917

**Official Job Title:** : Senior Staff Assistant

**Job Field** : Administrative & Professional (non-Clinical)

**Primary Location** : US-NY-Stony Brook

**Department/Hiring Area:** : Division of Enterprise Risk Management

**Schedule** : Full-time

**Shift** : Day Shift **Shift Hours:** : 8:30 a.m. - 5:00 p.m. :

**Posting Start Date** : Oct 23, 2025

**Posting End Date** : Nov 6, 2025, 11:59:00 PM

**Salary:** : Commensurate with experience within the range of $80,000 - $95,000

**Appointment Type:** : Term

**Salary Grade:** : SL3

**SBU Area:** : Stony Brook University

**Req ID:** 2503917