Sr. Analyst, Digital Risk

Location: Remote

Note: Must be able to support EST or CST timezone.

Department: Legal / Privacy & Data Compliance

Summary of Role:

This position plays a critical role in Hershey's enterprise risk management and privacy programs by managing digital risk assessments driving risk intelligence. The Hershey Company's Legal department leads these critical initiatives in order to support the business in driving growth and consumer engagement while complying with regulatory and ethical standards.

Role Responsibilities:

• Manage digital risk assessment process including Privacy and AI, working collaboratively with internal and external stakeholders to ensure accurate risk identification and assessment
• Primary advisor to the business on Privacy risk and compliance for specific use cases, helping to develop proposed solutions to achieve desired business outcomes while upholding compliance
• Support digital risk tracking and remediation planning processes, including proper controls and accountability
• Maintain accurate documentation to meet regulatory requirements (i.e. Record of Processing Activities [ROPAs], Data Protection Impact Assessment [DPIAs], Transfer Impact Assessment [TIAs], High risk AI use cases)
• Partner with data governance and InfoSec teams to establish enterprise data mapping to enable accurate risk management
• Review systems and processes for proper adherence to Hershey data retention, usage, and privacy/AI policies
• Support the development of Privacy awareness & training materials for the enterprise
• Develop privacy related reports for leadership and operational use

• Other duties as assigned

Desired knowledge, skills, and abilities:

• Effectively communicate and collaborate with all departments and job levels across the enterprise
• Ability to facilitate timely collaboration with risk domain owners and proper escalation on high-risk use cases
• Lead staff augmentation resources effectively and efficiently
• Experience managing risk assessment processes (i.e. Privacy Impact Assessments [PIA], AI Assessments)
• Working knowledge of privacy and AI regulations including technology trends to enable the business on risk mitigation
• Experience working in an enterprise Privacy SaaS tool (i.e. OneTrust or equivalent) specifically for PIAs, Risk Management, or Risk Intelligence
• Strong problem-solving and analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives
• Demonstrates collaborative skills and ability to work well within a team while completing tasks and projects autonomously
• Close attention to detail and able to demonstrate task management prowess. Experience leveraging task management systems is a plus (i.e., Asana, Jira, Wrike, Rally or Microsoft Planner)
• Poise and ability to act calmly and competently in high-pressure, high-stress situations
• Possess a high level of personal integrity and the ability to handle confidential matters professionally and show appropriate judgment and maturity
• High degree of initiative, dependability, and ability to work with little supervision
• Proficiency with Microsoft Office Suite, especially Teams, PowerPoint, Excel, Word, and Outlook
• Experience with flowcharting tools, such as Microsoft Visio is a plus

• Strong verbal and communication skills

• Ability to self-organize, prioritize work effectively
• Strong analytical, interpersonal, problem-solving, organizational, and presentation skills
• Self-motivated with critical attention to detail and deadlines

Minimum Education and Experience Requirements:

• Education -




• Bachelor's degree in related field




• Experience -




• At least 3+ years in privacy and/or risk management required
• Privacy certifications (i.e. CIPP, CIPM, or CIPT) and/or risk management certifications strongly preferred
• OneTrust application or equivalent tool certifications strongly preferred
• Experience in CPG preferred

#LI-TL1

#LI-Remote