An important consulting firm in information technology and cybersecurity is looking for:
Data Privacy/Governance
Responsibilities:
Develop, implement, and manage data privacy and governance policies and procedures in line with global privacy laws (e.g., GDPR, CCPA, HIPAA) and cybersecurity best practices.
Collaborate with cross-functional teams (including legal, security, and IT) to ensure compliance with data protection and privacy regulations.
Perform risk assessments related to data privacy and security and provide actionable recommendations to mitigate potential threats.
Oversee data classification and access control to ensure that sensitive data is properly identified, protected, and handled securely.
Conduct regular audits and assessments to ensure that data privacy and governance practices are being followed.
Monitor and assess the effectiveness of the organization's data protection measures and recommend improvements where needed.
Assist in incident response planning and in the response to data privacy breaches or cybersecurity incidents.
Maintain up-to-date knowledge of evolving data privacy laws, regulations, and cybersecurity trends, advising the organization on compliance obligations.
Provide guidance and training to employees on data privacy and governance best practices and the intersection with cybersecurity.
Prepare reports for senior leadership and regulatory bodies on data privacy and governance issues, including compliance audits, risk assessments, and incident management.
Requirements:
Bachelor's degree in Information Security, Cybersecurity, Law, Computer Science, or a related field.
Proven experience in data privacy, governance, or cybersecurity, preferably within a regulatory or compliance-focused environment.
Strong knowledge of data protection laws and regulations (GDPR, CCPA, HIPAA, etc.) and their intersection with cybersecurity practices.
Experience with data classification, data protection mechanisms, and encryption technologies.
Familiarity with risk management frameworks, such as NIST, ISO 27001, or similar standards.
Ability to conduct data privacy impact assessments (DPIAs) and collaborate on cybersecurity risk assessments.
Strong analytical skills with the ability to interpret complex data privacy and security requirements.
Understanding of data breach response and the role of cybersecurity in mitigating risks to sensitive data.
Relevant certifications such as CIPP/E, CISM, CISSP, or other privacy and cybersecurity certifications are highly preferred.
Remember that no recruiter may ask you for money in exchange for an interview or a position. Likewise, avoid making payments or sharing financial information with companies.