Sr. Cybersecurity Analyst, Data Privacy & Compliance


Grounded in versatility and powered by a styling community, Express is a modern, multichannel apparel and accessories brand whose purpose is to Create Confidence & Inspire Self-Expression. Launched in 1980 with the idea that style, quality and value should all be found in one place, Express has been a part of some of the most important and culture-defining fashion trends. The Express Edit design philosophy ensures that the brand is always 'of the now' so people can get dressed for every day and any occasion knowing that Express can help them look the way they want to look and feel the way they want to feel.

The Company operates over 500 retail and outlet stores in the United States and Puerto Rico, the online store and the Express mobile app. Express, Inc. is comprised of the brands Express and UpWest, and is traded on the NYSE under the symbol EXPR. For more information, please visit .


We are looking for a Senior Cybersecurity Analyst, Data Privacy & Compliance to join our retail organization headquartered in Columbus, OH. The candidate will assess and lead the organization in understanding the current risk exposure and identify actions that would be required to remain compliant with programs such as CCPA, CPRA, GDPR, PIPEDA, PCI-DSS, and SOX. This position can be a remote opportunity with occasional travel to the headquarters as needed. Ideal candidates will have experience with interviewing different system owners, creating standardized data mapping and data flows, reporting findings, and recommending process improvements. This is a critical initiative for the entire company and we are looking for someone who takes intitiative, builds processes, successfully engages with business stakeholders, and can get up to speed quickly!

Key Responsibilities

• Develop and implement personal data governance enterprise-wide to ensure that the personal data lifecycle is identified, data flows are visualized, and data mapping inventory is maintained. Engage with business stakeholders to ensure controls are in place to mitigate privacy risks
• Create privacy and compliance frameworks that include personal information asset inventory management, data subject rights process, training and awareness, and incident response
• Extensive knowledge of privacy and compliance requirements (CCPA, CPRA, GDPR, PIPEDA, PCI-DSS, SOX) and new laws/privacy trends, risk assessment and mitigation practices, auditing procedures, and incident response resolution
• Proficient in data analysis, documentation, reporting and project management
• Strong understanding of data elements, data sources, data storage/inventory, data flows/lineage, and data processes
• Experience in data strategy definition, data governance, data privacy, query languages/coding and workflows
• Collaborate with Business Directors, System Owners, Managers, and Stakeholders to define expectations including needed security requirements
• Provide accurate and thorough estimates of time and resources necessary to complete security efforts
• Ability to translate compliance, privacy, audit technical issues into actionable guidance to inform senior technology leadership
• Take part in the full software development lifecycle (SDLC): design, development, testing, deployment, and maintaining
• In all phases of the SDLC, able to engage and provide recommendations to experts of cross functional disciplines
• Coach and mentor junior analysts

• 5+ years of experience as a privacy analyst overseeing programs like CCPA, PCI-DSS, and SOX
• 5+ years of experience in data privacy working with teams in a dynamic environment to promote/implement data requirements throughout the organization
• Strong understanding of retail domain
• Experience working in cloud environments and understanding of cloud infrastructure (Google Cloud or Amazon)
• Experience with privacy technologies
• Experience working with on-site and off-site development teams, coordinating work, expectations, and delivery
• Four-year degree in Computer Science or an equivalent combination of course work and job experience

• Possesses and demonstrates curiosity
• Ability to proactively identify opportunities for process and efficiency improvements
• Demonstrates excellent communication skills to both technical and non-technical personnel
• Possess the art of negotiation to drive to end state needs
• Ability to clearly articulate and drive alignment across mutliple teams and departments
• Ability to create and describe project estimations with assumptions and risks
• Ability to work in a fast-paced environment while managing multiple responsibilities
• Executes with limited to no supervision; self-motivated and self-directed


As an equal opportunity employer, Express does not discriminate in hiring or terms and conditions of employment on the basis of any federal, state, or locally protected class. Express only hires individuals authorized for employment in the United States.

Notification to Agencies: Please note that Express does not accept unsolicited resumes or calls from third-party recruiters or employment agencies. In the absence of a signed Master Service Agreement and approval from HR to submit resumes for a specific requisition, Express will not consider or approve payment to any third-parties for hires made.