Senior Compliance Analyst
We are Relativity. A market-leading, global tech company that equips legal professionals with a powerful platform to organize data, discover the truth, and act on it. The U.S. Department of Justice, 198 of top 200 U.S. law firms, and more than 70 Fortune 100 companies are among our customers who trust Relativity during litigation, internal investigations, and compliance projects.
Our SaaS product, RelativityOne, has become the fastest-growing product in the company's history and we have consistently been named a great workplace. As we grow, we continue to seek individuals that will bring their whole self to our team atmosphere.
Join us in the transformation of the legal industry and play a pivotal role in shaping the future of the practice of law and beyond.
As a Senior Compliance Analyst you will join a phenomenal team that ensures Relativity remains compliant as we continue to create innovative technology. You will create controls and processes from scratch, especially as we enter new domains and incorporate new technologies. You will lead efforts across the compliance team, enacting controls, working with teams across the organization, and ensuring we stay on top of industry trends.
The Compliance Team:
At Relativity, we have a world-class compliance team focused on maintaining an industry-leading approach to data protection. We are building scalable processes and programs to ensure they are customer-centric and fit a rapidly growing company worldwide. We are passionate about data privacy, security, cloud computing, and technology.
- Be a privacy expert to internal teams. Guide them in defining and designing privacy requirements-respecting policies, processes, and solutions
- Present to both customers and internal teams about privacy and data protection and privacy by design/default
- Work closely with teams such as Legal, Security, and Compliance to help manage operations of the privacy program
- Partner with Relativity’s Product and Engineering teams to evaluate new products, features, and processes
- Interpret global privacy requirements, such as:(GDPR, CCPA, HIPAA). Participate in helping legal evaluate regulations and how they apply to our SaaS environment
- Guide teams toward industry best practices for privacy in a SaaS environment. Identify relevant privacy impacts to business and technology initiatives
- Participate in designing 3rd party / vendor assessment practices to better understand their privacy posture
- Create privacy control tests for ongoing evaluation of privacy compliance (internal and 3rd party)
- Review investigations correspondence and determine if they meet government/state breach notification thresholds
- Demonstrate knowledge of privacy requirements and best practices, and understand how they apply to business practices , projects and industry frameworks (27018, SOC2 )
- Develop new and improve existing metrics and reporting tools
- Facilitate related privacy training and content deliver
- Facilitate gap assessment and project charters to achieve new privacy credentials
- Facilitate requirements gathering and drive creation of integrated project plans and timelines
- Strong understanding of technology and privacy controls
- Experience with regional or country-specific privacy requirements throughout Europe, Asia, and North America (e.g. GDPR, PIPEDA, CCPA) and a working knowledge of data protection
- Can converse about the EU-US/Swiss-US Privacy Shield and the differences between a data controller and a data processor
- Experience developing processes for implementing privacy requirements like privacy impact assessment and data subject access and deletion requests. Experience with FedRAMP PIA evaluations is a plus.
- Understands compliance and/or legal frameworks, how systems work, and desires to build great programs for scale
- Ability to communicate complex topics and requirements and distill them into straightforward requirements that everyone can understand
- Thrives working in a fast-paced environment and seeing projects through to completion.
- Equally comfortable working with other team members, as well as independently on projects
- CIPP, CIPM, CIPT or other related certifications is a significant plus, but not required
- 3+ years of experience as an Analyst, or in a similar compliance role engaged in consulting (internal or external) on technology, privacy, and control risk
- 1+ year of experience performing Privacy Impact Assessments or similar business practices or with similar controls.
- Knowledge of law and trends affecting US and global privacy, policy and compliance such as: State Data Breach Notification laws, State Data Protection Laws, GLBA, HIPAA, CCPA, GDPR, etc