Risk Analyst

The incumbent will support Risk Department business operations, special projects, investigations, legal litigation, mitigation development, non-employee access and end user awareness/education.

Job Duties and Responsibilities: 

Supports Risk Department initiatives through workgroup participation. 

Responsible for enterprise business operations, including operational growth and development. 

Works collaboratively on multi-disciplinary workgroups and projects to synthesize, articulate, and document business objectives and requirements. 

Builds credibility, rapport and partners with key stakeholders to provide exceptional customer service and support. 

Maintains effective correspondence and in-person communication. 

Assists with implementation of policies and procedures to support the organization’s risk tolerance. Identify, monitor, and examine activities involving theft, fraud, or official misconduct/policy violations. 

Gathers and organizes information from a cross-functional investigative team. 

Work with Legal and Human Resources on internal and external investigations and on litigation matters using eDiscovery protocols. 

Completes documentation to support findings including legal reports, SBARs, and executive summaries. 

Familiarity with chain of custody protocols, including ability to follow proper computer forensic evidence handling, best practice procedures.

Possesses knowledge of data preservation, acquisition of computing and storage devices either fixed or mobile and more technical forensic investigations. 

Must have technical and nontechnical communication skills (verbal and written), analytical aptitude and project management skills. 

Demonstrates high level integrity and ability to use discretion and maintain confidential information. Other functions and projects as assigned.

• Conduct privacy risk assessments for third‑party vendors by reviewing vendor questionnaires and supporting documentation to evaluate use, storage, and transmission of sensitive organizational data.
• Analyze data characteristics—including data type, volume, sensitivity, and geographic processing locations—to identify regulatory and compliance impacts.
• Identify, document and track privacy risks within Third-Party Risk Management (TPRM) platform to ensure clear articulation of risk, ownership and required remediation.
• Provide privacy subject-matter expertise by interpreting privacy requirements, answering general privacy questions and guiding stakeholders through privacy-related decision-making.

This position is 50% remote, must live within driving distance to a Mayo Clinic Campus

**This vacancy is not eligible for sponsorship / we will not sponsor or transfer visas for this position.

During the selection process, you may participate in an OnDemand (pre-recorded) interview that you can complete at your convenience. During the OnDemand interview, a question will appear on your screen, and you will have time to consider each question before responding. You will have the opportunity to re-record your answer to each question - Mayo Clinic will only see the final recording. The complete interview will be reviewed by a Mayo Clinic staff member and you will be notified of next steps.