Sr. Analyst, Digital Risk
Location: Hershey, PA
Department: Legal / Privacy & Data Compliance
Summary of Role:
This position plays a critical role in Hershey's enterprise risk management and privacy programs by managing digital risk assessments driving risk intelligence.
Role Responsibilities:
- Manage the digital risk assessment process, including Privacy and AI, working collaboratively with internal and external stakeholders to ensure accurate risk identification and assessment
- Serve as primary advisor to the business on Privacy risk and compliance for specific use cases, helping to develop proposed solutions to achieve desired business outcomes while upholding compliance
- Support digital risk tracking and remediation planning processes, including proper controls and accountability
- Maintain accurate documentation to meet regulatory requirements (i.e. Records of Processing Activities [ROPAs], Data Protection Impact Assessments [DPIAs], Transfer Impact Assessments [TIAs], high-risk AI use cases)
- Partner with data governance and InfoSec teams to establish enterprise data mapping to enable accurate risk management
- Review systems and processes for proper adherence to Hershey data retention, usage, and privacy/AI policies
- Effectively communicate and collaborate with all departments and job levels across the enterprise
- Facilitate timely collaboration with risk domain owners and proper escalation on high-risk use cases
- Lead staff augmentation resources effectively and efficiently
Desired knowledge, skills, and abilities:
- Experience managing risk assessment processes (i.e. Privacy Impact Assessments [PIA], AI Assessments)
- Working knowledge of privacy and AI regulations including technology trends to enable the business on risk mitigation
- Experience working in an enterprise Privacy SaaS tool (e.g. OneTrust or equivalent) specifically for PIAs, Risk Management, or Risk Intelligence
Minimum Education and Experience Requirements:
- Education:
  - Bachelor’s degree in related field
- Experience:
  - At least 3 years in privacy and/or risk management required
  - Privacy certifications (i.e. CIPP, CIPM, or CIPT) and/or risk management certifications strongly preferred
  - OneTrust application or equivalent tool certifications strongly preferred
  - Experience in CPG preferred
Nearest Major Market: Harrisburg