Title: Privacy Analyst
Hub Locations: Atlanta, GA; Columbus, OH; Dallas, TX
Remote/Hybrid/Onsite: Remote Position
POSITION DESCRIPTION
The Privacy Analyst will report to and work with the Sr. Director – Privacy to support McKesson's enterprise Privacy Notice Program within the Global Privacy Office (GPO). This position serves as the primary operational owner of the Privacy Notice Program and is responsible for coordinating the drafting, review, approval, implementation, maintenance, and ongoing monitoring of privacy notices across McKesson's businesses, websites, applications, and digital platforms. This role serves as a critical role to McKesson’s enterprise privacy compliance program.
This position works closely with other members within the GPO, Legal, Business Unit Compliance teams, Cybersecurity, Digital Marketing, and other stakeholders to promote compliance with privacy requirements and evolving regulatory obligations.
This role plays a critical role in McKesson's enterprise privacy compliance program by providing oversight of privacy notice governance, monitoring regulatory developments, coordinating cross-functional stakeholders, and supporting other strategic privacy initiatives.
Duties and Responsibilities Include
- Serves as the primary administrator and operational owner of McKesson's enterprise Privacy Notice Program
- Leads the end-to-end lifecycle of privacy notices, including intake, drafting, review, approval, publication, maintenance, and retirement
- Coordinates with Business Units, legal, compliance, cybersecurity, digital marketing, and technology teams to maintain accurate and compliant privacy notices across websites, applications, portals, and other digital properties
- Monitors regulatory and industry developments affecting privacy notice requirements and works with stakeholders to implement necessary updates
- Partners with the Digital & Data Assets (DDA) Legal team to evaluate scoping decisions for U.S. privacy laws, applicability, and content requirements for privacy notices
- Tracks privacy notice inventories, renewal requirements, approvals, updates, and reporting metrics
- Leads and/or participates in Business Unit working groups related to privacy notice enhancements
- Identifies risks and escalates privacy compliance concerns to GPO Leadership and through Speak Up mechanisms, as appropriate
- Assists with privacy training initiatives, such as but not limited to Data Privacy Day
- Supports additional GPO projects and strategic privacy initiatives as assigned
Minimum Requirements
- 2+ years’ experience with work experience in health care privacy, compliance and/or the management of privacy projects and programs
Critical Skills
- Experience administering privacy notices or website compliance
- Experience drafting, reviewing, and maintaining transparent consumer disclosures
- Familiarity with U.S. privacy laws and healthcare privacy compliance
- Exceptional attention to detail and organizational skills with strong project management background
- Ability to identify and escalate privacy compliance risks
- Ability to manage large inventories of compliance-related information and track workstreams
- Experience working cross-functionally with legal, compliance, marketing, technology, and business stakeholders
- Emphasis on attention to detail to track progress in a systematic manner
- Ability to manage multiple priorities at one time
- Effective interpersonal, communication and presentation skills, both written and orally, including the ability to communicate at all organizational levels
- Responds to communication timely, proactively and positively
- Reputation for exercising the highest integrity
- Flexibility to adjust to changing priorities and tolerance for ambiguity
Education
- Bachelor's Degree required. Preference given to those with healthcare or legal background.
Certifications/Licensure
- CIPP and/or PMP certification desired
Physical requirements
- Typical office environment
- Occasional travel
Must be authorized to work in the US. Sponsorship is not available for this position.