Privacy Program Analyst

Job Role: Privacy Program Analyst

Location: Los Angeles, CA

Duration: 12 Months Contract

Is this role located on-site, hybrid, or remote?: Hybrid

Is a Livescan Required for Position?: Yes

Position Description:

The Privacy Program Analyst works under the direction of the Chief Privacy officer or user agency personnel and supports the Countywide Privacy Program and data protection initiatives, with a particular focus on the County’s access to and use of Personally Identifiable Information (PII) within the organization. The Privacy Program Analyst will perform assigned privacy compliance auditing and monitoring functions, assists with the development and enhancement of privacy policies and procedures, perform tasks associated with Privacy Impact Assessments and third-party vendor privacy risk assessments, participate in the review and update of Privacy Awareness training and educational activities., and perform tasks associated with the investigation of privacy incidents, breach notification actions, and/or privacy policy violations. The Privacy Program Analyst is responsible for having knowledge of federal and state privacy laws and regulations (strong focus on California); will evaluate situations against those laws and regulations; determine key business issues and execute appropriate plans from multidisciplinary perspectives; perform tasks associated with incident management programs; understand internal auditing standards; review organizations existing privacy policies and procedures for compliance and update draft polices and procedures as necessary; and perform and evaluate Privacy Impact Assessments (PIAs), privacy risk assessments, and third-party vendor privacy risk assessments. The Privacy Program Analyst will work with and maintain confidential information; be organized to analyze and synthesize information quickly; and be able to work independently in a fast-paced environment; conduct and interpret qualitative/quantitative analysis.

Skills Required:

The Privacy Program Analyst will possess knowledge and experience in customer service; decision making; flexibility; interpersonal skills; organizational awareness; written and oral communication; planning and evaluating; analysis and risk management; independence; and be proficient in Microsoft Office and Adobe Acrobat software.       

Additional Skills Required:

Ability to analyze and map PHI/PII data flows, intake points, and operational workflows. Strong understanding of technical safeguards including MFA, encryption, logging, least-privilege access, and workstation security fundamentals. Ability to interpret system access control lists, audit logs, and basic security configurations. Skilled in developing SOPs, operational checklists, and implementation tools to translate policies into actionable workflows. Knowledge of HIPAA governance structures, escalation frameworks, and privacy decision-making workflows. Ability to support vendor due-diligence processes, including review of SOC 2 reports, data-protection documentation, and BAA requirements. Strong communication and training-development skills (creating modules, job aids, and scenario-based learning materials). Project management skills, including tracking milestones, managing dependencies, and supporting large multi-phase compliance projects. Proficiency in privacy audit methods, monitoring dashboards, and continuous-improvement tracking. Ability to work cross-functionally with IT, HR, Contracts, Legal, Operations, and Executive leadership.

Experience Required:

This classification requires a minimum of two (2) years of experience with a focus on privacy program functions, including: privacy policies and procedures development, privacy governance, performance of PIAs, third-party vendor risk assessments, incident response investigations and breach notification laws/ regulations, privacy compliance audits, and programmatic and operational privacy experience.  

Additional Experience Required:

• 2 years of experience conducting full PHI/PII workflow mapping across multiple divisions or departments.
• 2 years of experience supporting technical safeguard implementation projects (e.g., access controls, endpoint protections, encryption, system logging).
• 1 year of experience contributing to or supporting a HIPAA or privacy governance committee, including drafting charters and escalation procedures.
• 2 years of experience converting policy requirements into operational procedures, staff instructions, and role-based workflows.
• 2 years of experience conducting hands-on breach investigation including HIPAA and governing breach notification requirements.
• 2 years of experience conducting vendor privacy/security risk assessments, including reviewing cybersecurity certifications and contracting documents.
• 1 year of experience developing or maintaining workforce privacy/HIPAA training programs.
• 2 years of experience supporting or coordinating large-scale compliance implementations or operational transformation initiatives.
• 2 years of experience conducting internal privacy audits, monitoring activities, or designing metrics for compliance tracking.
• 2 years of experience collaborating across high-complexity environments involving IT, HR, program operations, contracting, and compliance staff.   

Salary : $70 - $75