Sr. Analyst, Digital Risk

Location: Hershey, PA Department: Legal / Privacy & Data Compliance Summary of Role: This position plays a critical role in Hershey's enterprise risk management and privacy programs by managing digital risk assessments driving risk intelligence. Role Responsibilities: • Manage digital risk assessment process including Privacy and AI, working collaboratively with internal and external stakeholders to ensure accurate risk identification and assessment • Primary advisor to the business on Privacy risk and compliance for specific use cases, helping to develop proposed solutions to achieve desired business outcomes while upholding compliance • Support digital risk tracking and remediation planning processes, including proper controls and accountability • Maintain accurate documentation to meet regulatory requirements (i.e. Record of Processing Activities [ROPAs], Data Protection Impact Assessment [DPIAs], Transfer Impact Assessment [TIAs], High risk AI use cases) • Partner with data governance and InfoSec teams to establish enterprise data mapping to enable accurate risk management • Review systems and processes for proper adherence to Hershey data retention, usage, and privacy/AI policies • Effectively communicate and collaborate with all departments and job levels across the enterprise • Ability to facilitate timely collaboration with risk domain owners and proper escalation on high-risk use cases • Lead staff augmentation resources effectively and efficiently Desired knowledge, skills, and abilities: • Experience managing risk assessment processes (i.e. Privacy Impact Assessments [PIA], AI Assessments) • Working knowledge of privacy and AI regulations including technology trends to enable the business on risk mitigation • Experience working in an enterprise Privacy SaaS tool (i.e. OneTrust or equivalent) specifically for PIAs, Risk Management, or Risk Intelligence Minimum Education and Experience Requirements: • Education – • Bachelor’s degree in related field • Experience – • At least 3+ years in privacy and/or risk management required • Privacy certifications (i.e. CIPP, CIPM, or CIPT) and/or risk management certifications strongly preferred • OneTrust application or equivalent tool certifications strongly preferred • Experience in CPG preferred #LI-TL1 #LI-Remote Apply tot his job