The Technology Services Privacy and Security Office has an opening for a Privacy Data Breach and Incident Analyst at the Analyst, Senior, or Lead level. This position provides consultative and direct support regarding the privacy components of a data incident and/or breach in a privacy-principled manner. We are looking for candidates with high privacy awareness, experience and interest, technical competency, strong collaboration skills, and an interest in learning and a willingness to partner within and across the organization to support, grow, and create a culture of privacy at Illinois. If you have a passion for privacy, consider applying to this exciting role on a growing and maturing team.
The Data Breach and Incident Analyst (Analyst, Senior, or Lead) will have a comprehensive understanding of privacy laws and regulations, privacy and data security controls, and compliance obligations, especially in the areas of breach notification obligations, risk assessment, and incident response and handling. The role will primarily be responsible for assuring that the University applies consistent practices to notify individuals in scenarios where information has been breached, in accordance with the law.
This position, along with the Privacy Manager of Operations, will advise University leadership and/or appropriate data and incident/breach governance teams of the recommendations and potential reporting obligations based on circumstances and scenarios. The role will manage and update the policies and procedures related to breach reporting, notification, risk assessment of incidents, and the definition of a breach, as well as the circumstances under which notification is warranted in compliance with the law.
Duties and Responsibilities:
DATA BREACH & INCIDENT ANALYST (ANALYST, SENIOR, LEAD)
- Builds collaborative relationships with University stakeholders ahead of breach and data security/privacy incidents.
- Builds and leads incident and breach governance, policy, procedures, and handling, and co-manages Incident Response playbook.
- Supports the Manager, Privacy Operations, and University leadership in identifying likely breach notification obligations and executes operational practices and procedures to reduce them.
- Supports and drafts breach notification letters, establishes call center(s), and assures the University creates meaningful notification to affected individuals in the event of a data incident/breach requiring notification.
- Acts as liaison to the Privacy and Security Incident Response team and works closely to provide timely identification, notice and response in alignment with obligations to various notification practices and law.
- Understands existing sources of data used by the university, data classifications, appropriate controls, and can evaluate incidents in partnership with the incident response team in alignment with those scenarios and regulatory obligations.
- In partnership with University counsel, evaluates and coordinates all phases of a potential breach scenario and/or notification process.
- Advises University leadership on potential obligations and best practices, along with the ethical, moral, privacy-principled approach to notification of possible or likely data breach scenarios.
- With the Privacy Operations Manager and/or Director, identifies capabilities and improvements to the incident and breach reporting processes and advocates for the appropriate resources and capabilities to exist across the University to enable timely and accurate breach response on behalf of units.
- Establishes and matures recommended process improvements or actions that departments and units must take following a data security incident or breach, and creates processes to recommend and apply consistent measures to continually improve data and system security and privacy.
- Keeps relevant business leaders and units informed on evolving breach practices.
- Participates with colleagues and other units to maintain a breadth of knowledge of privacy analysis, privacy design and engineering, data security and privacy capabilities, tools, processes, controls, and technologies to stay well informed of upstream and downstream privacy and identifiable data issues and needs.
- Serves as a point of contact with Public Affairs, FOIA, and other offices related to incident and breach response, in coordination with PrivSec leadership.
- In partnership with the Privacy Program team and Privacy, Security, Identity and Digital Risk leaders, recommends and contributes to incident and breach training, education, and awareness programs for students, faculty, and staff.
- Contributes to data security and privacy best practices, new technologies, privacy complaints, and methods to reduce potential institution wide risks.
- Recommends improvements to incident & especially breach response plans in the event of an unauthorized disclosure of personal information as well as compliance plans.
- Manages and coordinates with Incident Response regarding the formal administrative process for university privacy breaches or incidents. Leads data breach analyst(s) and translates findings into process and/or training programs to proactively reduce future events based on findings.
Projects, Program & Governance
- In partnership with Privacy and Security leadership, works with incident and breach teams and counsel to improve playbooks, processes and capabilities for incident and breach management.
- Coordinates and facilitates University’s Data, Privacy, Security, and Identity Governance activities.
- Manages intake improvement projects.
- Oversees the advocacy for and improvement of processes and capabilities related to incident reporting and management.
- Participates with Privacy and Security analysts and TechServices colleagues on unit, university, or external committees.
- Networks with university and industry partners.
SENIOR DATA BREACH & INCIDENT ANALYST - Additional Responsibilities
- Leads and provides supervisory and secondary review for incident and breach governance, policy, procedures, and handling, and co-manages Incident Response playbook.
- Provides direct support to the Lead, Breach Analyst and Manager, Privacy Operations, and University leadership in identifying likely breach notification obligations and recommends updates to operational practices and procedures to reduce them.
- Reviews draft breach notification letters, establishes call center(s), and assures the University creates meaningful notification to affected individuals in the event of a data incident/breach requiring notification.
- Liaises with and guides Breach analysts and the Privacy and Security Incident Response team, and works closely to provide timely identification, notice and response in alignment with obligations to various notification practices and law.
- With data breach analyst(s), translates findings into recommended process improvements and/or training programs to proactively reduce future events based on findings.
- Identifies possible new tools, services, and capabilities to support improved playbooks, processes and capabilities for incident and breach management.
- Advocates for appropriate resources, staff, and funds to support obligations around breach response services, call center services, and plans and prepares appropriate capabilities to rapidly and readily scale support for large incident/breach response needs.
- Selects and recommends “retainer” services necessary for the University to rapidly meet capacity for large scale incident/breach response. Partners with breach teams, public affairs, and counsel to select and identify resources.
- Leads and participates in disaster and continuity plans and tabletop tests aligned with possible continuity loss or breach of data.
LEAD DATA BREACH & INCIDENT ANALYST - Additional Responsibilities
- Provides direct support to the Manager, Privacy Operations, and University leadership in identifying likely breach notification obligations and approves updates to operational practices and procedures to reduce them.
- With the manager, leads incident and breach governance, policy, procedures, and handling, and co-manages Incident Response playbook.
- Develops policy and practices related to data handling practices to reduce likelihood and impact of breach related matters.
- Identifies clear patterns where breaches commonly occur in the environment and develops training and awareness efforts to educate and reduce the risk profile related to data incidents and breaches.
- Develops and implements incident intake improvement projects, in coordination with multiple units.
- Leads breach prevention, remediation, and education efforts and committees, under the direction of the manager, with Privacy and Security analysts and TechServices colleagues on unit, university, or external committees.
Salary and Appointment Information:
This is a full-time, year-round Civil Service Program Coordinator position. The expected start date is as soon as possible after May 15, 2023. Salary is commensurate with experience.
Application Submission Information:
Applications must be received by 6:00PM (CST) March 28, 2023. Go to jobs.illinois.edu to apply.