-
Job Description
We're looking for a candidate to fill this position in an exciting company.
- Review and negotiate both client and vendor agreements accounting for; security, risk, privacy, technical operations, data governance and compliance in order to enable projects and client engagements.
- Monitor and evaluate changes to applicable privacy, data protections laws and other applicable industry standards rationalizing requirements, making recommendations and evangelizing change when appropriate.
- Partner with teams and data stewards to coordinate and perform various audits and assessment (PIA, DPIA, Data Inventories, etc.) as needed to ensure ongoing compliance and appropriate risk management ( internal and external).
- Serve as the primary point of contact and conduit for the internal business in EMEA regarding data privacy operations, technical operations, best practices and service enablement.
- Work with US team to transform, optimize and further strengthen current processes, technology, posture and scale in order to support future state.
- Lead applicable programs and projects from initial concept through the full project lifecycle embedding key principles such as privacy and security by design.
- Partner with teams to further expand our privacy operations and governance framework.
- Collaborate with the Information Security team to provide guidance and raise employee awareness regarding data privacy and security risks and provide relevant training.
- This role requires travel to clients and FTI offices.
- Bachelor's degree required. Additional relevant advanced degree(s) (e.g. Solicitor, Juris Doctor, master’s in legal studies) highly preferred.
- 8+ or more years of applicable work experience with at least 5 of those years in information technology, information security and/or operational risk management in the context of enterprise IT systems and specifically, SaaS, IaaS or hybrid cloud environments.
- 1+ years’ experience procuring, navigating, and reviewing commercial agreements involving complex data protection schedules, cross border data transfers and operational service levels.
- Expert knowledge of EU/ US data privacy and data protection regulation and hands on experience applying these to enterprise information assets and operational approaches related to data protection.
- Knowledge and continued interest in major regulatory and compliance frameworks NIST, ISO 27001, ISO 27018, PCI DSS, HIPAA, etc.
- Ability to develop and maintain strong partnerships and influence across organizations at all levels without direct reporting relationships.
- Confidence and demonstrated experience to make complex decisions at pace in a rapidly evolving environment; ability to diplomatically identify noncompliance even if unpopular.
- Ability and desire to take initiative, work with autonomy, quickly risk-assess and prioritize based on business value.