What are the responsibilities and job description for the Privacy & IT Compliance Analyst position at Post Holdings and Careers?
The Post Holdings Cybersecurity team is seeking an enthusiastic and detail-oriented individual to join our team as a Privacy and IT Compliance Analyst. In this role, you will support data privacy, regulatory compliance, and risk management initiatives across a dynamic, consumer-focused organization in the Consumer Packaged Goods (CPG) sector. This position is ideal for professionals passionate about protecting data, navigating global compliance landscapes, and contributing to ethical data practices in a fast-paced industry. The role offers opportunities for professional development, including support for privacy certifications such as CIPP/US or CIPM.
Responsibilities:
As a Privacy and IT Compliance Analyst you will contribute to a variety of projects and operations support activities within the IT cybersecurity department, including:
Privacy Operations
- Vendor Risk Management: Perform initial screening of vendor privacy practices and Data Processing Agreements.
- Security Assessment Review: Collaborate with cybersecurity and IT teams to review security assessments from a privacy perspective, validating appropriate data classification has been performed to documented standards.
- Privacy Impact Assessments (PIAs): Assist with conducting and documenting privacy impact assessments for new projects, technologies, or data processing activities to identify and mitigate privacy risks.
- Data Inventory Management: Maintain and analyze the organization’s data inventory, ensuring accurate documentation of personal data processing activities across systems and departments.
- Data Subject Requests: Assist in managing and responding to data subject requests and other privacy-related inquiries in compliance with global regulations (e.g., GDPR, CPRA).
- Compliance Monitoring: Monitor and track compliance with privacy and data protection regulations.
- Policy Review/Development: Support the development, review, and maintenance of privacy and compliance policies, procedures, and guidelines.
- Reporting: Prepare reports on privacy metrics and compliance status.
- Audit Support: Support internal and external audits by preparing documentation and coordinating responses to audit findings.
- Training and Awareness: Help develop and deliver engaging privacy and compliance training and awareness materials for employees.
- Cross-functional Collaboration: Participate in collaboration activities with legal, marketing, cybersecurity, and product teams to ensure privacy considerations are embedded in consumer-facing initiatives.
Digital & Marketing Privacy
- Website Compliance Review: Review company websites for the presence, accuracy, and compliance of privacy-related elements such as cookie consent banners, privacy notices, cookie policies, and terms of use.
- Website Tracker Scanning & Analysis: Review scans of company websites to identify newly added cookies, pixels, and tracking technologies. Evaluate their purpose, data collection behavior, and compliance with consent requirements.
- Third-, Fourth-, and Fifth-Party Tracker Research: Investigate the origin and data-sharing practices of third-party trackers and their downstream partners (fourth and fifth parties). Document associated privacy risks and propose mitigation strategies or vendor management actions.
Compliance Operations
- Internal Controls: Assist in daily reviews of Oracle Risk Management Cloud for alerts, violations, and control exceptions.
- User Access Review (UAR): Assist in performing the UAR process, gathering and reporting the results of the review for Post’s financial applications.
- Audit Support: Support internal and external audits by preparing documentation and coordinating responses to audit findings.
Qualifications:
Education and Certificates
- Bachelor’s degree in Information Security, Cybersecurity, Privacy, Legal Studies, Business, or a related field from an accredited university.
Experience
- 2 years of experience in a professional business environment.
Technical and Analytical Skills
- Comfortable using technology and software tools for data analysis, documentation, and reporting.
- Excellent research and analytical skills with attention to detail.
- Ability to identify and evaluate tactical methods to achieve objectives, identify deviations from the plan, and facilitate resolution.
- Experience with website scanning tools (e.g., OneTrust, TrustArc, or similar) is a plus.
- Experience with SOX and control testing (Sensitive Access, Segregation of Duties) is a plus.
- Conceptual knowledge of user provisioning, role-based access, and least privilege models.
- Excellent written and verbal communication skills, with the ability to convey complex information clearly to non-technical audiences.
- Collaboration, adaptability, and problem solving are especially important in this cross-functional privacy role.
- Ability to handle confidential information and use discretion within and outside of the organization.
- Strong interest in data protection, digital marketing compliance, and/or risk management.
- The ideal candidate is a self-starter who takes the initiative to identify areas of opportunity and recommend improvements.
This is a hybrid role based in St. Louis. In-office days are Tuesdays, Wednesdays and Thursdays. Work from home days are Mondays and Fridays.