Cyber Risk - Privacy
REMOTE | direct hire
Job description: Cyber Risk – Privacy
Our client, a national consulting firm in the cybersecurity space, is looking for an experienced risk and privacy professional to join their practice. This position is a work-from-home role, aside from 30% travel to client sites.
· Work with the client to plan an engagement strategy, define objectives, and address technology-related control risks and issues.
· Assist clients in planning and executing remediation plans identified in assessment activities.
· Ability to communicate in an organized and knowledgeable manner, both in writing and verbally, including delivering clear requests for information, developing responses to client requests, and communicating conflicts and risks.
· Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
· Collaborate with team members at all levels in the development and marketing of the privacy service offering.
· Additional duties as assigned.
· Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field is required
· 5+ years of related work experience in a similar cybersecurity consulting practice
· Common cybersecurity, privacy or technology industry standards/regulations (e.g., ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL, HIPAA/HITECH, Privacy Shield, GDPR, CAN-SPAM), especially as they relate to building a program and/or managing internal controls, risk assessments, business process and internal IT control testing or operational auditing.
· Experience working with technical, security controls and operational risk tolerance, conducting privacy and security risk and/or gap assessments and internal privacy audits, reviewing privacy practices, and preparing reports and other deliverables that contain strategy, project, or technical analysis and findings in connection with consulting engagements and communicating those results to the team and client.
· Experience in project management and the ability to clearly communicate data protection and privacy issues verbally on both a formal and informal basis to all levels of client staff.