Privacy Program Analyst
EPITEC
Job Description
Role: Privacy Program Analyst. Work Type: W-2 Long Term Contract. Pay Rate: 70-80$ Hourly with Benefits and PTO.
Start Date: August 2026. Location: Los Angeles, CA. The Privacy Program Analyst works under the direction of the Chief Privacy Officer or user agency personnel and supports the Countywide Privacy Program and data protection initiatives, with a particular focus on the Countyâs access to and use of Personally Identifiable Information (PII) within the organization.
The Privacy Program Analyst will perform assigned privacy compliance auditing and monitoring functions, assist with the development and enhancement of privacy policies and procedures, perform tasks associated with Privacy Impact Assessments and thirdâparty vendor privacy risk assessments, participate in the review and update of Privacy Awareness training and educational activities, and perform tasks associated with the investigation of privacy incidents, breach notification actions, and/or privacy policy violations. The Privacy Program Analyst is responsible for having knowledge of federal and state privacy laws and regulations (strong focus on California); will evaluate situations against those laws and regulations; determine key business issues and execute appropriate plans from multidisciplinary perspectives; perform tasks associated with incident management programs; understand internal auditing standards; review organizationâs existing privacy policies and procedures for compliance and update draft policies and procedures as necessary; and perform and evaluate Privacy Impact Assessments (PIAs), privacy risk assessments, and thirdâparty vendor privacy risk assessments. The Privacy Program Analyst will work with and maintain confidential information, be organized to analyze and synthesize information quickly, and be able to work independently in a fastâpaced environment; conduct and interpret qualitative/quantitative analysis.
Skills Required Knowledge and experience in customer service. Decision making. Flexibility.
Interpersonal skills. Organizational awareness. Written and oral communication.
Planning and evaluating. Analysis and risk management. Independence.
Proficiency in Microsoft Office and Adobe Acrobat software. Additional Skills Required Ability to analyze and map PHI/PII data flows, intake points, and operational workflows. Strong understanding of technical safeguards including MFA, encryption, logging, leastâprivilege access, and workstation security fundamentals.
Ability to interpret system access control lists, audit logs, and basic security configurations. Skilled in developing SOPs, operational checklists, and implementation tools to translate policies into actionable workflows. Knowledge of HIPAA governance structures, escalation frameworks, and privacy decisionâmaking workflows.
Ability to support vendor dueâdiligence processes, including review of SOC 2 reports, dataâprotection documentation, and BAA requirements. Strong communication and trainingâdevelopment skills (creating modules, job aids, and scenarioâbased learning materials). Project management skills, including tracking milestones, managing dependencies, and supporting large multiâphase compliance projects.
Proficiency in privacy audit methods, monitoring dashboards, and continuousâimprovement tracking. Ability to work crossâfunctionally with IT, HR, Contracts, Legal, Operations, and Executive leadership. Experience Required Minimum of two (2) years of experience with a focus on privacy program functions, including privacy policies and procedures development, privacy governance, performance of PIAs, thirdâparty vendor risk assessments, incident response investigations and breach notification laws/regulations, privacy compliance audits, and programmatic and operational privacy experience. 2 years of experience conducting full PHI/PII workflow mapping across multiple divisions or departments. 2 years of experience supporting technical safeguard implementation projects (e.g., access controls, endpoint protections, encryption, system logging). 1 year of experience contributing to or supporting a HIPAA or privacy governance committee, including drafting charters and escalation procedures. 2 years of experience converting policy requirements into operational procedures, staff instructions, and roleâbased workflows. 2 years of experience conducting handsâon breach investigation including HIPAA and governing breach notification requirements. 2 years of experience conducting vendor privacy/security risk assessments, including reviewing cybersecurity certifications and contracting documents. 1 year of experience developing or maintaining workforce privacy/HIPAA training programs. 2 years of experience supporting or coordinating largeâscale compliance implementations or operational transformation initiatives. 2 years of experience conducting internal privacy audits, monitoring activities, or designing metrics for compliance tracking. 2 years of experience collaborating across highâcomplexity environments involving IT, HR, program operations, contracting, and compliance staff.
Education Required This classification requires the possession of a bachelorâs degree or higher. An advanced degree, such as a Masterâs in Business or Healthcare Administration, Juris Doctor, Master of Laws (LL.M), or a Certified Information Privacy Professional/United States (CIPP/US) or Certified Information Privacy Manager (CIPM) certification, may be substituted for one (1) year towards the minimum years of qualifying experience. #J-18808-Ljbffr