Thomson Reuters is seeking a HIPAA and Regulated Data Risk Analyst to join our General Counsel's Office. Reporting to the Assistant General Counsel, Privacy & Cybersecurity, this role presents an exciting opportunity to help develop and implement technology driven initiatives to help operationalize privacy compliance for Thomson Reuters globally, with a primary focus on HIPAA and other global privacy laws and global cybersecurity laws governing the handling of sensitive data.
Requirements
- Law degree preferred and/or Bachelor’s degree in Law, Information Systems, Computer Science, Cybersecurity, or a related legal and technical field.
- Relevant privacy certification, such as IAPP’s Certified Information Privacy Professional credential (CIPM, CIPP), Certified Information Systems Security Professional (CISSP).
- 3–5+ years of experience in a technical privacy, cybersecurity, or compliance role, preferably in a SaaS environment.
- Conducting privacy reviews including drafting and reviewing customer, partner, and vendor data protection agreements.
- Strong understanding of HIPAA Privacy and Security Rules and technical implications.
- Hands-on experience implementing HIPAA technical safeguards (e.g., encryption, access controls, audit logging).
- Experience with automation tools (e.g., Python, PowerAutomate) and AI/ML frameworks for compliance use cases.
- Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their native security/privacy controls.
- Experience with data governance tools, SIEM systems, and privacy-enhancing technologies (PETs).
- Proficiency in scripting and automation for compliance tasks.
- Knowledge of data classification, retention, and lifecycle management.
- Experience with privacy impact assessments (PIAs) and risk assessments from a technical perspective.
- Ability to interpret legal and regulatory requirements into system-level controls.
- Experience with FedRAMP, NIST 800-53, or other government data handling frameworks would be beneficial.
- Experience in advising product and technology teams on privacy obligations relating to the processing of sensitive data, including implementing privacy by design requirements.
Benefits
- Flexible vacation
- Two company-wide Mental Health Days off
- Access to the Headspace app
- Retirement savings
- Tuition reimbursement
- Employee incentive programs
- Resources for mental, physical, and financial wellbeing
