GRC and Privacy Analyst

Propelled Brands

Carrollton, TX
Full Time
Paid
  • Responsibilities

    Benefits:

    401(k) matching

    Dental insurance

    Employee discounts

    Health insurance

    Paid time off

    Parental leave

    Vision insurance

    Wellness resources

    Who is Propelled Brands

    Propelled Brands is the multi-brand platform company under which service industry franchise brands operate and grow. Our family of brands currently includes FASTSIGNS®, NerdsToGo®, and MY SALON Suite®, all of which have found tremendous success in their respective industries.

    Why Propelled Brands

    We are a growing company that offers a collaborative, caring, and progressive work environment. We provide the tools and training needed to be successful. We have fun, but work hard to support each other and our growing number of franchisees. Come grow with us!

    What We Offer

    Our robust Total Rewards package includes:

    Competitive Pay

    Insurance - Medical, HRA, FSA, Dental, Vision, Life, Disability, Pet Insurance

    Retirement Savings - 401k plan with company match up to 6%

    Generous Paid Time Off - Paid parental leave, volunteer time, holidays and PTO starting at 3 weeks

    Engagement and Wellness Programs

    And much more!

    About the Position

    We are seeking a skilled and detail-oriented GRC (Governance, Risk, and Compliance) and Privacy Analyst to join our team. The ideal candidate will focus on data privacy compliance and cybersecurity regulations, supporting our organization in maintaining compliance with relevant standards and frameworks. The GRC Analyst will manage our GRC platform, TrustArc, oversee components including Cookie Consent, Individual Rights Management, and Data Mapping, and conduct assessments against frameworks such as NIST, GDPR, and CCPA.

    Essential Functions

    Data Privacy Compliance:

    Ensure ongoing compliance with global privacy laws and data protection regulations including GDPR, CCPA, TCPA (TCR) and others as applicable.

    Oversee Cookie Consent management, ensuring compliance with regulations and maintaining updated consent records.

    Manage Individual Rights Management processes, including responding to data subject access requests and ensuring the organization's procedures support variable jurisdictional requirements.

    Ensure website forms terms of use and privacy notices are reviewed and updated annually or as necessary.

    GRC Platform Administration:

    Administer and maintain the GRC platform (TrustArc or equivalent) to support data privacy and cybersecurity compliance.

    Ensure accurate and timely configuration of the platform, including Data Mapping to track data flows and assets across the organization.

    Conduct regular assessments and audits to ensure compliance with regulatory frameworks.

    Develop and update documentation, policies, and procedures to support compliance activities and audit requirements.

    Cybersecurity Compliance:

    Assist with cybersecurity policy development and implementation, ensuring alignment with frameworks such as NIST.

    Collaborate with the IT security team to identify and mitigate cybersecurity risks, ensuring compliance with established security standards.

    Manage and coordinate the organization's Cyber Incident Response Team (CIRT) to detect, analyze, contain, and recover from cybersecurity incidents.

    Assess and recommend Cyber tools and solutions to leadership.

    Assessment and Reporting:

    Conduct gap analyses against regulatory requirements and prepare action plans to address deficiencies.

    Prepare reports for management and stakeholders, communicating compliance status and recommending improvements.

    Support audits by providing evidence and documentation to demonstrate compliance with applicable regulations.

    Education and Experience

    Bachelor’s degree in Information Technology, Information Security, Business Administration, Legal Studies, or a related field.

    At least 2-3 years of experience in GRC, data privacy, information security, or related roles.

    Thorough understanding of privacy laws and regulations, such as GDPR and CCPA.

    Knowledge of cybersecurity frameworks and standards such as NIST.

    Experience with GRC platforms, such as TrustArc, including platform configuration and management.

    Strong analytical, organizational, and problem-solving skills.

    Excellent written and verbal communication skills.

    Ability to work effectively both independently and as part of a team.

    Relevant certifications such as CIPP, CIPM, CISSP, or CISM preferred.

    Supervisory Responsibility

    This position does not have any supervisory responsibilities.

    Work Environment

    This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, smartphones, video conferencing, webinars, phones, photocopiers, printers, filing cabinets, shredding and fax machines.

    Physical Demands

    The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to walk, talk, see, hear, and lift up to 20 pounds.

    Position Type/Expected Hours of Work

    This is a full-time, non-exempt position of at least 40 hours a week, Monday through Friday, between the hours of 7:00 a.m. and 6:00 p.m. Occasional evening and weekend work may be required as job duties demand.

    Travel

    Travel is primarily during business days; out-of-the-area and overnight travel is expected based on individual job responsibilities. Some of the travel may occur on weekends or be international. Company events, which may include Summits and the Annual Conventions, may also include travel. Travel is expected to be less than 10%.

    EEO Statement

    Propelled Brands provides equal employment opportunities (EEO) to all Team Members and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Propelled Brands complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

    Flexible work from home options available.