true Data Privacy Senior Consultant
CDW Company, is one that delivers a unified approach to addressing data risk through a unique combination of consulting service offerings. CDW has brought together industry-leading expertise in cyber security, identity governance, and access management, data privacy and analytics, internal audit, and hands-on training services, giving companies all that is needed to plan and develop effective risk and security programs. By integrating these services, we provide our clients with the flexible support they need to protect and leverage data across any part of their organization. Simply put, CDW is the next generation of risk management.
Our Privacy team has developed and implemented data privacy and information security programs for some of the nation's largest and most complex organizations. Our clients represent industries in both the public and private sectors, including state and local government agencies, domestic and global technology firms, global retail chains, financial services firms, and healthcare organizations.
The Data Privacy Senior Consultant is responsible for providing services related to a broad range of privacy disciplines, including compliance assessments, program design, and policy development. He/She provides high-quality content deliverables, ensuring solutions are implemented as designed to the customer’s satisfaction and approval. Gain a clear understanding of the client's environment, identify client needs, and effectively communicate solutions. The Data Privacy Senior Consultant should have an expert level of knowledge of data protection laws, industry-standard practices, and privacy-enhancing technologies.
Integrate and deliver a wide range of technology solutions, providing high-quality content deliverables, and ensuring solution is implemented as designed to the client’s satisfaction and approval.
Beyond the requirements for a Data Privacy Consultant, also recognizes the opportunities for cross-sales across the CDW organization, reporting them back to the Data Privacy Leadership and the Business development teams. The Data Privacy Senior consultant also conducts advanced and complex privacy-related studies researching current and emerging technologies and changes in Privacy laws and regulations, performs data-backed forecasts, makes recommendations, and presents reports to management.
The Senior Consultant regularly interfaces with customers' technical and business staff, including the project sponsor and stakeholders of projects in more complex engagements. Mentors other consultants to apply consulting, engineering, and legal background knowledge for project design, analysis, and project coordination of services or products.
Work with Professional Services Managers, ATAEs, Project Managers, and customers to manage expectations and timelines for Data Privacy engagements to ensure meeting expectations and commitments.
Maintains client relationships as a trusted Technical Advisor. Serves as a collaborative support across internal teams and clients when necessary, using experience and judgment to communicate effectively to all parties. Serve as technical point of contact on customer engagements. Participates in a variety of sales activities.
- Conducts client project-related privacy (and, where necessary, cybersecurity) risk assessments and privacy audits.
- Reviews privacy and cybersecurity practices and conducts periodic compliance assessments.
- Provides privacy and data protection training and awareness as requested in client engagements or internal workshops.
- Reviews client's potential or actual privacy incidents and coordinates or leads the incident or breach management process.
- Prepares reports and other deliverables that contain strategy, project or technical analysis, and findings in connection with our consulting engagements and communicates those results to the team and client management.
- Assist clients in creating or updating data maps, inventories, and Records of Processing Activities.
- Performs Data Protection Impact Assessments, Privacy Impact Assessments, and Transfer Impact Assessments.
- Operates as a subject matter expert on privacy risks and audits when interfacing with clients or peers, including internal sales and pre-sales resources
- Interacts effectively with co-workers and clients at all levels to foster and maintain strong working relationships.
- Prioritize assigned tasks and workloads as necessary.
- Creates or updates assessment documents when new laws or regulations are promulgated.
- Performs other duties as assigned by management.
Qualifications - Internal
Education and Experience
· Five+ years of experience delivering complex technical Data Privacy assessments and solutions, including planning, development, implementation, and support, or practice of Data Privacy Law.
· Experience interpreting international, federal, and state privacy and security regulations.
· At least five years working with cross-functional teams, technical privacy, and security controls, and operational risk tolerance.
· Experience performing privacy and/or security gap assessments, data maps and inventories, and Impact Assessments.
· Professional knowledge of the international, federal, and state rules, regulations, and guidance related to security and privacy, including but not limited to HIPAA, GLBA, GDPR, and NIST
· Working knowledge of cybersecurity controls as they relate to international, federal, and state rules, regulations, and guidance related to security and privacy, including but not limited to HIPAA, GLBA, GDPR, and CMMC
· Bachelor's degree in business, computer science, a related technical degree,
· Ability to qualify or possess an IAPP CIPP; Ability to qualify or possess an ISC2 CC Certification.
· Intermediate skills in Microsoft Office Applications.
· With minimal supervision of senior Data Privacy team members, performs the following:
· Conduct client project-related privacy ( and, where necessary, cybersecurity) risk analyses and audits;
· Reviews privacy and cybersecurity practices and conducts periodic compliance assessments;
· Provides privacy and data protection training and awareness as requested in client engagements or internal workshops;
· PIAs, DPIAs, TIAs, or other assessments;
· Performs technical and legal research;
· Assists clients in creating or updating data maps, data inventories, and records of processing activities.
· Assists in preparing reports and other deliverables that contain strategy, project or technical analysis, and findings in connection with our consulting engagements and communicates those results to the team and client management;
· With the assistance of others, creates or updates assessment documents when new laws or regulations are promulgated; and
· Performs other duties as assigned by management.
· Possess a fundamental understanding of privacy engineering principles.
· Proven ability to maintain and create technical documentation for assigned project work
· Demonstrated attention to detail and a penchant for accuracy
· History of balancing competing priorities with the ability to adapt to the changing needs of the business while meeting deadlines.
· Aptitude for learning new technology and legal requirements related to Data Privacy and quickly putting them into practical use.
· Juris Doctor from an American Bar Association-accredited law school
· Obtained or working toward the following certifications:
o Certified Information Privacy Technologist (CIPT)
o Certified Information Privacy Manager (CIPM)
o Certified Information Security Auditor (CISM)
o Certified Information Security Manager (CISM)
o HITRUST Certified CSF Practitioner (CCSFP)
o Cyber AB Registered Practitioner Advanced
Valid U.S. driver’s license
Ability and willingness to travel as needed to other CDW locations or client sites, not more than 10%.