Third Party Privacy Risk Analyst

Third Party Privacy Risk Analyst

Job Summary:

Viking is seeking a highly motivated and dedicated Third Party Privacy Risk Analyst to join our Data Privacy team in Woodland Hills, CA. Reporting to our Director Privacy within the Internal Audit department, you will primarily focus on third-party vendor privacy risks management throughout the entire vendor engagement lifecycle, including privacy risk assessments, onboarding, controls implementation, vendor inventory, ongoing monitoring, and offboarding. You will interact with vendors and collaborate with internal Viking business owners to effectively address privacy-security issues. Additionally, you will support the team in developing and implementing data mapping and may be involved in other privacy projects as needed.

Our ideal candidate will have some background in cybersecurity and a strong understanding of data protection principles, privacy frameworks, US state laws, and GDPR. Prior experience in third-party vendor privacy risk management is highly preferred.

This is a hybrid position based in our Woodland Hills, CA office. You will be required to adhere to our hybrid work policy, working from our office Monday, Wednesday and Thursday on a weekly basis.

Job Responsibilities:

• Collaborate with Viking business owners in the  third-party vendor onboarding .
• Initiate, manage, and review third-party risk assessments, review vendor security infrastructure, identify  risks and suggest mitigation measures.
• Collaborate with IT to implement necessary controls and mitigation measures from privacy risk assessments.
• Monitor vendor assessment status, vendor audits, and requalification on a scheduled plan.
• Prepare regular reports and keep them current.
• Create and review templates for privacy-security risk questionnaires, checklists, AI tools assessments, and other necessary forms.
• Identify offboarding activities and collaborate with IT to ensure compliance with privacy laws and security standards.
• Collaborate with cross-functional teams to align privacy laws, security standards, and business imperatives.
• Stay updated on data privacy regulations, AI functionalities, and cybersecurity guidelines, recommending changes as needed.
• Support our data mapping project by identifying and documenting data sources, data flow, data  storage and ensure accurate data tracking.
• Assist with the development, review, update, and implementation of privacy/security policies and procedures.
• Conduct data privacy impact assessments on software applications as requested.
• Support privacy program goals as directed by the supervisor.
• Assist with other department initiatives and projects as needed.
• Assess privacy-related risks from existing products and services.

Job Requirements:

• Bachelor's degree in Privacy, Cyber Security, Computer Science, or MIS.
• 2-3 years of relevant experience in Data Privacy/Security and Compliance roles; Vendor risk management experience preferred.
• Knowledge of data privacy-security concepts and key privacy laws and security standards (e.g., GDPR, CCPA, PCI-DSS, NIST, ISO 27001).
• Familiarity with  of AI concepts, tools, policies, and best practices.
• Relevant privacy-security certifications (e.g., CIPP/US, CIPP/E, CIPM, CIPT) are highly desirable.
• Experience in designing, implementing, and maintaining privacy policies, programs, and processes.
• Ability to translate regulatory requirements and technical concepts into practical, actionable instructions to support the business.
• Experience in performing privacy risk assessments, identifying risks, prioritizing, and suggesting mitigation plans.
• Experience with  with GRC and risk management tools.
• Ability to deliver on time and work well both independently and as part of a team.
• Proactive, self-motivated and willing to learn.
• Adaptable to a global environment and unexpected business changes.
• Strong multi-tasking skills, detail-oriented, and effective in collaborating with cross-functional teams.
• Excellent interpersonal, verbal, and written communication skills.
• Willingness to travel up to 10% if needed.

 What We Offer You:

• Highly competitive compensation plan.
• Salary range $95,000-$110,000 annually determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations.
• Employees are eligible for annual discretionary bonus.
• 401(k) plan with company match.
• Full benefits including medical, dental, vision, life and disability insurance at a highly subsidized rate (some plans are fully paid by Viking).
• Accrue 15 paid vacation days, sick time accrual by state, and 6 paid holidays per year.
• Opportunity to take a free and/or discounted cruise.
• Highly subsidized gym membership.
• Discounts on theatres, theme parks, movie tickets, travel discounts through IATA membership and too many more discounts to name.

Viking is a certified Great Place to Work company. This certification is a result of our commitment to excellence, integrity and our teams’ outstanding contributions.

About Viking

Viking was founded in 1997 and provides destination-focused voyages on oceans, rivers and lakes around the world. Designed for experienced travelers with interests in science, history, culture and cuisine, Chairman Torstein Hagen often says Viking offers experiences for The Thinking Person®.

Viking has more than 250 awards to its name, including being rated #1 for Rivers, #1 for Oceans and #1 for Expeditions by Condé Nast Traveler and voted at the top of its categories by Travel Leisure. No other cruise line has ever received these same honors by both publications at the same time.

Salary : $95,000 - $110,000