The Analyst of Data Risk Audit is responsible for maintenance of an enterprise-wide Data Governance framework to support company strategy related to identification, protection, retention, privacy, and ongoing control of Affinion sensitive data. This position will act as the primary point for hands-on risk-based assessment, improvement/remediation planning and governance of sensitive data within our business and technical processes and provide direction for implementation and oversight of company data governance policies, standards, and practices.
Duties and Responsibilities:
· Analyse and develop data element usage view across the enterprise processes and systems
· Create and document data risk models to identify the need to rationalize data controls
· Establish standardized protocols for business/operational data use, privacy, and protection
· Develop actionable and timely remediation planning
· Monitor and report progress within developed project planning
· Validate security architecture design within compliance environment to ensure appropriate controls to protect Affinion sensitive data
· Provide consultative expertise, including evaluation of processes to validate risk
· Maintain archives of process narratives, control descriptions, testing methods and materials
· Identify and recommend areas for process improvement
· Track and report function metrics
· Meet or exceed published service levels
· Assist with Client Audit questionnaires and other risk-based disciplines within Information Protection as assigned
· Support consumer privacy from an operational and regulatory view.
Required Experience and Skills:
· BA/BS or equivalent experience
· Experience in audit and risk management
· Process and quality orientation with attention to detail
· Understanding of technology across a variety of hardware and software platforms (desktop, server, and networking equipment)
· Comfortable with change and quick to adapt and learn new requirements
· Strong communication skills, both verbal and written, across all levels of the organization
· Understanding of information security management risk / ISO 27000 standards
· Strong organizational skills with attention to detail