
Regulatory and Privacy Compliance Analyst
Posted May 21

This is a fully remote position, open to applicants in India.
• Oversee the entire lifecycle of essential security, privacy, and compliance policies while coordinating training and attestations.
• Assist in transforming regulatory and contractual obligations into clear policies and mapped controls, including support for privacy impact assessments (DPIAs/PIAs) and governance specific to AI.
• Maintain the comprehensive inventory of policies, standards, and procedures; manage the drafting, review, approval, publication, and version control processes.
• Ensure that policies are aligned with relevant regulations and frameworks and are connected to controls within the GRC platform.
• Organize and oversee mandatory training programs (e.g., security awareness, privacy, AI governance, compliance), including scheduling, reminders, and tracking completion.
• Direct attestation campaigns (e.g., policy acknowledgments, code of conduct sign-offs) and ensure that completion records are kept.
• Collaborate with Legal/Privacy teams to interpret new or updated regulations and incorporate them into policies and controls.
• Assist in privacy and regulatory assessments (DPIAs/PIAs, AI use-case evaluations) by documenting scope, risks, mitigations, and approvals.
• Contribute to compliance materials intended for customers (security overview presentations, standard responses, policy summaries).
• Offer guidance and quick reference resources that aid staff in understanding and adhering to policies.
• Identify and propose enhancements to policy structure, training content, and communication strategies.
• 3–5+ years of experience in compliance, GRC, privacy, or related areas.
• Proven experience in writing, editing, or maintaining policies and procedures.
• Comprehensive understanding of fundamental security and privacy principles, as well as common regulations/frameworks (e.g., HIPAA, GDPR/CCPA, SOC 2, ISO 27001).
• Excellent communication skills with the capacity to articulate requirements in clear, non-technical terms.
• Experience in planning and monitoring training or attestation initiatives.
• Experience collaborating with legal, HR, or privacy teams on regulatory interpretation.
• Familiarity with DPIAs/PIAs or AI governance processes.
• Relevant certifications such as CIPM, CIPT, CIPP, or similar are preferred.
• ELLKAY is dedicated to nurturing a collaborative and high-performance work environment that encourages innovation, teamwork, and professional development.