Security consultant - data privacy and protection at DXC Technology

Job Description:

The job holder is primarily responsible for ensuring data protection by design and by default and that there are appropriate control frameworks and processes in place for Data Protection and Privacy within each client business environment to enhance maturity and aid compliance with legal, regulatory and commercial obligations.

Role Description:

We are looking for an experienced, highly competent and motivated Privacy and Data Loss Prevention (DLP) consultant to join the Data Protection & Privacy Practice.
The role is focused on providing consultancy and delivery of analysis and advisory services to clients in all Data Protection and Privacy related matters and aligning business processes and projects with associated laws, regulations and commercial obligations. This includes the use of DLP solutions to provide appropriate security as our clients increasingly use cloud-based solutions.
The position is to orchestrate and assess the privacy maturity (data protection by design) of client offerings, solutions and/or services and provide independent oversight, support risk remediation in relation to regulatory and commercial privacy requirements through:
  • Advising on and enhancing the data protection and privacy maturity of enterprise-wide client environments.
  • Advising on the use and maturity of cloud-based solutions such as Microsoft Information Protection (O365) as part of the privacy roadmap.
  • Defining and advising privacy vision, locating gaps, develop security architecture and creating prioritized roadmap for privacy maturity.
  • Providing expert guidance on the selection, design, implementation and operation of Privacy controls and Privacy enhancing Technologies. This will include reviews of any existing DLP technologies currently (or proposed) deployed and their integrated governance into the data protection model.
  • Provide guidance in relation to privacy enhancing technologies and solutions including encryption, DLP, Data Classification and data discovery.
  • Where appropriate, advise clients on the use of data classification as part of their privacy architecture.
  • Advising clients on the development and implementation of Privacy policies, processes & support infrastructure
  • Assessing where required that Privacy assurances to regulatory bodies are accurate, up to date and regularly reviewed.
  • Supporting the creation of governance structures for Data Protection and Privacy maturity within client environments.
  • Supporting a management control structure to support client business compliance with country specific data protection and privacy legislation.
  • Working with clients to ensure correct submissions are made to regulatory bodies where required.
  • Working with the client to run inventory audits of personal data held within a client in order to support Data Protection & Privacy processing activity assurance;
  • Facilitating the delivery of Data Protection and Privacy Threshold and Data Protection Impact Assessment and risk analysis and develop appropriate mitigation processes and control framework
  • Supporting the closure of preventative and corrective actions identified in Data Protection and Privacy Impact Assessments
  • Work with clients to develop and implement Data Protection and Privacy governance plans.
  • Supporting reviews of 3rd party contracts for and assurance of Data Protection and Privacy clauses in contracts and privacy notices/statements.
  • Working with client in reviewing systems, procedures, processes and provide expert guidance to ensure on-going alignment with Data Protection and Privacy obligations.

Key skills and experience Required:

  • At least 2 years in a Data Protection and Privacy related role
  • Detailed knowledge of privacy and associated data protection laws and regulations including, but not limited to the EU General Data Protection Regulation (GDPR) and associated legislation, UK Data Protection Act 2018
  • Experience in cloud-based environments and in particular Microsoft Information Protection (MIP O365)
  • The ability to provide platform specific guidance in relation to data protection as it relates to MIP O365 and associated supporting platforms
  • Demonstrable knowledge of Data Classification and DLP.
  • The ability to perform audits, assessments and analysis and a working knowledge and understanding of regulatory risk, particularly with regards to data governance and privacy.
  • Knowledge of sector specific privacy obligations such as healthcare, finance etc.
  • Detailed knowledge of global data transfer mechanisms and controls.
  • Knowledge of Cyber and Information Security principles, methodologies and frameworks.
  • Knowledge in information security, ISO 27001, Risk Management;
  • Fluency in both verbal and written English

Certification requirements:

The ideal candidate must possess at least one of the following certifications:

IAPP or BSI

Certified Information Privacy Manager - CIPM
  • Certified Information Privacy Professional Europe – CIPP/E
  • Certified Information Privacy Professional US – CIPP/US
  • Certified Information Privacy Technologist - CIPT

BCS/ISEB

  • Certificate in Data Protection
  • Data Protection Practitioner

Advantage:

  • Certified Information Systems Security Professional - CISSP
  • Certified Information Security Manager - CISM
  • Certified Information Systems Auditor - CISA
  • Certified in Risk and Information Systems Control - CRISC

In return, we offer:

  • Continuous learning and technical training opportunities
  • Great opportunity for professional development in the IT field
  • Part in a team that has established itself as a preferred partner for Hi-tech Services & Support throughout EMEA
  • Competitive remuneration package
  • Medical insurance
  • 4 days additional paid leave (total:24 days)
  • Food vouchers
  • Life insurance
  • Corporate Badge Program
  • Wellness Program

Remember to mention that you found this position on SDU Jobbank