Privacy & Compliance Analyst

The Privacy & Compliance Analyst supports the CPM International Privacy & Compliance team to deliver against CPM’s Privacy & Compliance strategy to materially manage and reduce risks to the business, ensure that CPM maintains its reputation as a trusted and secure partner, and achieve and maintain internationally-recognized, industry-standard accreditations. Serving seven agencies across Europe and the UK, and as part of a global organization committed to adhering to legal and regulatory requirements, the Privacy & Compliance Team provides comprehensive services to the business and its clients and stakeholders including policy management, compliance monitoring, training and awareness, and risk management. The Privacy & Compliance Analyst plays a crucial role in ensuring CPM agencies operate within legal and regulatory boundaries and in accordance with best practices.

**Requirements**:

- Support the creation, maintenance and enforcement of privacy, information security and quality management system policies, processes and procedures.
- Monitor compliance with privacy, information security and quality management system policies and regulations, identifying potential areas of risk or non-compliance.
- Support the development and delivery of privacy, information security and quality management system training programs and awareness initiatives.
- Provide guidance to internal departments on privacy, information security and quality management system best practices and compliance requirements.
- Support the maintenance of regulatory frameworks including PCI-DSS, ISO 27001, ISO 27701 and ISO 9001, including participating in the coordination and execution of compliance audits and assessments to evaluate adherence to the same.
- Assist in the development, execution and monitoring of corrective action and remediation plans to address risks and non-conformities.
- Aid the business in ensuring appropriate information security and data protection measures and controls are in place, such as encryption, access controls and data retention policies.
- Support the management of information security incidents, including analysing, reporting, notifying and documenting incidents and response actions.
- Assist in evaluating and managing third party risks, including supporting the gathering and submission of information required for vendor risk assessments and vendor risk treatment plans, supporting due diligence of third parties, and reviewing contracts and agreements to ensure compliance with privacy and information security requirements.
- Conducting research on emerging and changing privacy laws, regulations and standards, including assisting in preparing reports and documentation of the same.
- Support responses to requests for information from current and prospective clients and other external and internal stakeholders with information relating to the privacy, information security and quality management programmes.
- Coordinate and manage the completion of data privacy and information security governance documentation requirements including privacy assessments, data privacy impact assessments, records of processing, asset and vendor inventories, and risk registers, ensuring documentation is created and maintained in a timely, accurate manner and used effectively in all areas of the business.
- Participation in the reviewing, drafting, revising and negotiation of contracts to ensure appropriate Data Protection and Information Security requirements are agreed between CPM and third parties.
- Any other duties as may reasonably be required including involvement in ad hoc CPM/Omnicom Projects.

**Skills, know-how and experience**:
**Must Have**
- Experience driving change and compliance in a multi-language, multi-disciplinary environment, including experience with governance, project planning, risk and issue management and mitigation.
- Knowledge of and experience working with EU data privacy and data protection regulation, and other major privacy and quality frameworks and evolving legislation worldwide, including ISO 27001, ISO 27701, ISO 9001 and PCI-DSS.
- Strong interpersonal skills and stakeholder management, with the ability to collaborate effectively with cross-functional teams in a fast-paced environment.
- Strong analytical skills with the ability to assess complex issues and identify, develop, implement, monitor and document effective solutions.
- Able to communicate clearly and effectively in both written and spoken word in English.
- Ability to handle confidential and sensitive information with the appropriate discretion.
- Detail-oriented with a commitment to upholding high standards for work product.
- Ability to work unsupervised and take initiative and ownership of tasks.
- Proficiency in privacy management software such as OneTrust.
- Willingness and ability to learn about new regulations, requirements and developments in information security, privacy and quality management.
- Time management and prioritiza