Data Security Consultant
Role: Data Security Consultant
Location: Stamford, CT
Tax Terms: 6-8 Months with possible extension
Team: Information Security
Reports to: VP of Information Security
Purpose: Seeking a strong Info Sec resource to define data processes
- assess what client does
- identify gaps
- build policies
Skills required: SELF STARTER, Knowledge of Information/Data/Cyber security policy and procedures, somewhat technical -- how Active Directory works, Microsoft server file permission, Security folders and file permissions, NIST standards, ISO 27001 frameworks. Incredible documentation skills. Data Management experience in Varonis or sky-high. Understands data mapping/data flows. Experience doing Information Security Audits and/or CISA certification is a huge plus.
Our client is seeking a Data Security Consultant to support the company’s General Data Protection Regulation (GDPR) initiative.
The Data Security Consultant will be responsible for supporting the implementation of global data privacy initiatives which includes, activities related to development of data privacy policies and practices required to meet GDPR compliance.
The role of the Data Security Consultant is to work closely with the designated Data Privacy Program Manager, Information Security and Legal Affairs departments in the implementation of data security controls, development of new policies, processes, guidelines and standards. It is also the responsibility of the Data Security Consultant to work with internal and external stakeholders in supporting data privacy posture.
The successful candidate will have experience and knowledge in Information Security and concepts relating to data management, data security, Secure Software Design Life Cycle (S-SDLC), application and system management and security operations (SecOps).
- Work with global privacy team to develop and ensure consistent application of data privacy policies and practices.
- Provide and support GDPR compliance initiative, including short and long term goals.
- Assist in developing and maintaining privacy compliance program.
- Perform data privacy interviews with internal stakeholders on relevant data flows and mappings.
- Partner with internal clients to implement privacy and security by design, including assisting in identifying and documenting gaps associated with compliance (i.e. GDPR) risks.
- Support and assist with the global GDPR awareness and guidance training program.
- Provide administrative support for project team(s) for compliance initiatives.
- Identify and assess data compliance and data processing risks and opportunities, work collaboratively with all stakeholders to develop and implement appropriate mitigation strategies.
- Identify and communicate information security, compliance and other security issues to internal stakeholders.
- Work with the Information Security and Enterprise Technology departments to implement new policies, procedures and technologies in support of the company’s data security posture.
- Test established data security controls for effectiveness and efficiency.
- Participate and support a Privacy Impact Analysis (PIA). Qualifications:
- Four year degree in computer science or related combined work/education experience.
- Three to five years of experience in information security compliance programs.
- Certified Information System Auditor (CISA) a plus.
- Knowledge in Microsoft Windows Server file permissions and Active Directory Services (ADS).
- Knowledge in IT Infrastructure, Data Management and Data Management Technologies.
- Experience working within a global, IT organization.
- Understanding of applications, databases and data flows, including knowledge of SDLC.
- Ability to analyze complex information and identify key and relevant points, including communicating in a relevant and easy to understand manner.
- Experience with NIST and ISO/IEC 27001 frameworks and audits.
- Practical experience in implementing security policies, procedures and technologies.
- Familiarity with European Data Privacy requirements (e.g. GDPR) a plus.
- Strong verbal and written communication skills.
- Excellent interpersonal skills.
- Strong attention to detail, well-organized, and able to manage time efficiently.
- Team player with ability to deal effectively with individuals at all levels.
- High degree of initiative requiring little or no supervision, sound judgment, and the ability to prioritize assignments, solve problems, and meet deadlines.
- Ability to produce high-quality work in a timely fashion in a fast-paced environment.