Privacy Compliance Analyst

The Data Privacy, Protection and Governance team at S&P Global is dedicated to managing sensitive, personal, and non-personal information. We achieve this through the implementation of comprehensive policies, processes, controls, and metrics that ensure compliance with global regulations.

As the Data Privacy Compliance Analyst, you will play a critical role in supporting S&P Global’s enterprise data privacy and protection functions. You will be responsible for oversight and management of data subject access requests, annual data privacy compliance audits and reviews, website compliance, and the internal sphere site. In addition, you will lead EMEA privacy compliance projects, own the data privacy intake mailbox, act as the point person for client due diligence questions, and drive other privacy projects as assigned. Your work will help ensure S&P Global’s continued compliance with global data privacy regulations and maintain the trust of our clients and employees.

Responsibilities:

• Oversight and management of all data subject access requests, ensuring timely and compliant responses.
• Leading and coordinating yearly data privacy compliance audits and reviews for S&P Global’s business units.
• Ownership of website compliance, including monitoring, reviewing, and updating privacy notices and cookie banners.
• Ownership and management of the internal sphere site for privacy resources and communications.
• Leadership and execution of EMEA privacy compliance projects, including GDPR-related initiatives.
• Ownership and daily management of the data privacy intake mailbox, triaging and responding to privacy-related queries.
• Acting as the primary point of contact for client due diligence questions regarding data privacy and protection.
• Supporting other privacy projects and initiatives as assigned by the Data Privacy, Protection and Governance team.
• Collaborating with procurement and third-party risk teams to assess vendors’ compliance with privacy policies and regulations.
• Assisting with privacy training, data mapping, and incident response efforts.

What We’re Looking For:

• BA/BS degree in Legal, Information Technology, or a related field, or equivalent experience in privacy/compliance.
• Broad understanding of data privacy laws and regulations, including GDPR and other global frameworks.
• 3 or more years of applicable experience in data privacy compliance, audit, or related functions.
• Experience managing data subject access requests and compliance audits.
• Proficiency in privacy management tools (e.g., OneTrust) and Microsoft Office packages.
• Excellent attention to detail with strong time management and organizational skills.
• Strong cross-group collaboration skills, including conflict resolution and negotiation capabilities.
• Ability to communicate complex privacy concepts to diverse audiences.
• Experience supporting or leading privacy projects in a global, matrixed environment is preferred.

Flexible Working (optional): We pride ourselves on our agility and diversity, and we welcome requests for flexible working arrangements. For most roles, flexible hours and/or an element of remote working are usually possible. Please discuss your preferred arrangement during the interview, and we will strive to be adaptable wherever we can.

Right to Work Requirements: This role is limited to persons with indefinite right to work in the United States.

Equal Opportunity Employer: S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.