Privacy & IT Compliance Analyst

Business Unit Overview

Feeding the world is what we do - how we do it is unique. We are not your textbook consumer packaged goods company. While others may be slow to make change happen, Post continuously drives both inorganic and organic growth. Our history is evidence of that fact with over 100 years of heritage and growth from brands that transcend generations like Honey Bunches of Oats, Fruity Pebbles, Malt-O-Meal, Bob Evans, Kibbles 'n Bits, Egg Beaters, Peter Pan peanut butter and more. Our foodservice and ingredient businesses supply other products you love for brands, restaurants and stores.

We have more than 55 offices and manufacturing sites and approximately 13,000 employees. Over the past 13 years, Post has made 28 acquisitions and innovative financial transactions and reached $8.2 billion in net sales in fiscal 2025. During turbulent times of market uncertainty, the food industry has provided a level of stability unlike other industries

Post Holdings, Inc. is a Fortune 500® company headquartered in Brentwood, a suburb of St. Louis, Missouri. Our casual professional atmosphere encourages team members to collaborate, innovate and support our operating companies. Our passion and drive advance the reputation of our operating companies and brands—together, we make a difference.

Responsibilities

The Post Holdings Cybersecurity team is seeking an enthusiastic and detail-oriented individual to join our team as a Privacy and IT Compliance Analyst. In this role, you will support data privacy, regulatory compliance, and risk management initiatives across a dynamic, consumer-focused organization in the Consumer Packaged Goods (CPG) sector. This position is ideal for professionals passionate about protecting data, navigating global compliance landscapes, and contributing to ethical data practices in a fast-paced industry. Opportunities for professional development, including support for privacy certifications such as CIPP/US or CIPM.

Responsibilities:

As a Privacy and IT Compliance Analyst you will contribute to a variety of projects and operations support activities within the IT cybersecurity department, including: 

Privacy Operations

• Vendor Risk Management: Perform initial screening of vendor privacy practices and Data Processing Agreements.
• Security Assessment Review: Collaborate with cybersecurity and IT teams to review security assessments from a privacy perspective, validating appropriate data classification has been performed to documented standards.
• Privacy Impact Assessments (PIAs): Assist with conducting and documenting privacy impact assessments for new projects, technologies, or data processing activities to identify and mitigate privacy risks.
• Data Inventory Management: Maintain and analyze the organization’s data inventory, ensuring accurate documentation of personal data processing activities across systems and departments.
• Data Subject Requests: Assist in managing and responding to data subject requests and other privacy-related inquiries in compliance with global regulations (e.g., GDPR, CPRA).
• Compliance Monitoring: Monitor and track compliance with privacy and data protection regulations
• Policy Review/Development: Support in the development, review, and maintenance of privacy and compliance policies, procedures, and guidelines.
• Reporting: Prepare reports on privacy metrics and compliance status.
• Audit Support: Support internal and external audits by preparing documentation and coordinating responses to audit findings.
• Training and Awareness: Help develop and deliver engaging training materials and awareness for privacy and compliance to ensure organizational awareness for employees.
• Cross functional collaboration: Participate in collaboration activities with legal, marketing, cybersecurity and product teams to ensure privacy considerations are embedded in consumer-facing initiatives.
  
  

Digital & Marketing Privacy

• Website Compliance Review: Review company websites for the presence, accuracy and compliance of privacy related elements such as cookie consent banner, privacy notices, cookie policies and terms of use.
• Website Tracker Scanning & Analysis: Review scans of company websites to identify newly added cookies, pixels, and tracking technologies. Evaluate their purpose, data collection behavior, and compliance with consent requirements.
• Third-, Fourth, and Fifth-Party Tracker Research: Investigate the origin and data-sharing practices of third-party trackers and their downstream partners (fourth and fifth parties). Document associated privacy risks and propose mitigation strategies or vendor management actions.
  
  

Compliance Operations

• Internal Controls: Assist in daily reviews of Oracle Risk Management Cloud for alerts, violations, and control exceptions.
• User Access Review (UAR): Assist in the performance of UAR process to gather and report the results of the review for Post’s financial applications.
• Audit Support: Support internal and external audits by preparing documentation and coordinating responses to audit findings.
  
  

Qualifications

Qualifications:

Education and Certificates

• Bachelor’s degree in information security, Cybersecurity, Privacy, Legal Studies, Business, or a related field from an accredited university.
  
  

Experience

• 2 years of experience in a Professional Business Environment
  
  

Technical And Analytical Skills

• Comfortable using technology and software tools for data analysis, documentation, and reporting.
• Excellent research and analytical skills with attention to detail.
• Ability to identify and evaluate tactical methods to achieve objectives, identify deviations from the plan, and facilitate resolution.
• Experience with website scanning tools (e.g., OneTrust, TrustArc, or similar) is a plus.
• Experience with SOX and control testing (Sensitive Access, Segregation of Duties) is a plus.
• Conceptual knowledge of user provisioning, role based access, and least privilege models.
• Excellent written and verbal communication skills, with the ability to convey complex information clearly to non-technical audiences.
• Collaboration, adaptability and problem solving are especially important in the role of a cross functional privacy role.
• Ability to handle confidential information and use discretion within and outside of the organization.
• Strong interest in data protection, digital marketing compliance, and/or risk management.
• The ideal candidate is a self-starter who takes the initiative to identify areas of opportunity and recommend improvements.
  
  

This is a hybrid role based in St. Louis. In-office days are Tuesdays, Wednesdays and Thursdays. Work from home days are Mondays and Fridays.