GRC Privacy Senior Analyst

The GRC Privacy Senior Analyst position is responsible for monitoring and communicating the requirements necessary to be compliant with global privacy regulations. This person will work with other Enterprise Risk & Resiliency service families and the business to ensure privacy requirements are understood and implemented. They will also support and mentor other GRC governance Analysts I, III or III and Co-Ops & interns.

At Sherwin-Williams, our purpose is to inspire and improve the world by coloring and protecting what matters. Our paints, coatings and innovative solutions make the places and spaces in our world brighter and stronger. Your skills, talent and passion make it possible to live this purpose, and for customers and our business to achieve great results. Sherwin-Williams is a place that takes its stability, growth and momentum and translates it to possibility for our people. Our people are behind the strength of our success, and we invest and support you in:

Life … with rewards, benefits and the flexibility to enhance your health and well-being
Career … with opportunities to learn, develop new skills and grow your contribution
Connection … with an inclusive team and commitment to our own and broader communities
It's all here for you... let's Create Your Possible

At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.

Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable.

Sherwin-Williams is proud to be an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.

As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.

Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.

• Monitor and communicate changes to privacy regulations, translating regulations into practical guidance wherever SW conducts business
• Advise business leaders and technology teams on privacy, data protection, and riskInfluence cross-functional stakeholders to drive privacy by design principles
• Conduct gap analysis for new laws and develop and execute remediation plan
• Using strong strategic thinking skills conduct complex privacy risk assessments, anticipate regulatory trends and contribute to the GRC roadmap.
• Conduct Privacy Impact Assessments, Records of Processing and Data Mapping globally
• Conduct Regional Maturity Assessments and collect evidence
• Manage the Global Privacy Portal for privacy questions, complaints, or issues
• Manage the global Data Subject Request (DSR) process
• Provide governance on cookie categorization and cookie audits
• Provide support with internal & external legal counsels
• Manage internal audits including PCI, SWIFT and HIPAA
• Strong decision-making capabilities when handling ambiguous and evolving regulatory requirements.
• Monitor and ensure compliance requirements are being met and maintained i.e., websites, marketing campaigns and new projects or applications
• Influence outcomes through clear, persuasive communication, data driven insights, and recommendations.
• Maintain Global Business Landscape Statistics which include SW locations, functions of employees, and count of employees
• Maintain the data sensitivity Matrix
• Maintain Governance Calendar and ensure activities are completed
• Respond to emails in the [email protected] email box
• Report monthly metrics
• Complete special projects as requested

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future.

Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships

Must be eighteen or older.

This role is remote.

REQUIRED JOB QUALIFICATIONS

• Bachelor’s Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
  • 5+ years of work experience in an IT or business analyst related role
  • Business knowledge includes working knowledge of SW structure, business processes, operations
  • Ability to interface with top management
  • Knowledge of data privacy and security laws
  • Working knowledge of ServiceNow application
  • Position requires strong PC skills including Microsoft Excel, Word, Power Point
  • Strong ability to multi-task and prioritize
  • Experience working both independently and in a collaborative environment
  • Skill set includes leadership, problem solving, critical thinking, decision making abilities, organizational skills, and excellent communication skills (oral and written)
  • Able to travel domestically and internationally up to 10%

PREFERRED QUALIFICATIONS

• Certified Information Privacy Professional (CIPP)
• Knowledge of global privacy regulations (GDPR, CCPA, Brazil LGPD)
• Knowledge of audits (PCI, CMMC/DFARS, SWIFT)
• Knowledge of the following frameworks:
• NIST-Privacy
• NIST-Cybersecurity