The Security & Privacy Specialist provides internal consulting on Security & Privacy (S&P) considerations for business solutions by performing risk assessments and providing recommendationsfor compliance and operational effectiveness. Additionally, the S&P Specialist is a key contributor to the development of the S&P program and manages S&P inquiries and incidents as assigned.
Manager – Security & Privacy
- Problem Solving & Analysis
- Attention to Detail
- Presentation skills
S&P Consulting (40%)
S&P Program Development (30%)
- Provide S&P guidance, expertise and knowledge in support of organizational initiatives and projects.
- Partner with business owners and IT project teams to ensure S&P best practices are integrated at the application design stage.
- Perform S&P review of projects following quarterly risk assessments.
- Interface and communicate with S&P committee members.
- Monitor, evaluate and assess S&P internal controls to ensure compliance and effectiveness.
- Ensure monitoring, detection and response to S&P incidents, breaches and alerts and coordinate any required corrective actions including legal and senior management involvement with IT Project Management.
- Act as key S&P liaison by working with business groups, outside consultants, vendors, auditors, and others to assist with related S&P inquiries (internal or external), reviews or audits.
- Contribute and advise IT and other departments on the overall S&P risks related to various platforms for delivery of IT solutions and technology.
- Track to ensure deadlines set are being met.
- Escalate issues to S&P Manager as appropriate.
S&P Incident and Inquiry Analysis (20%)
- Assist with annual risk assessments by interviewing and gathering information from stakeholders, IT and others as needed.
- Contribute to the development and writing of risk management policies and procedures by researching, gathering information and validating content.
- Contribute to the development of operational guidelines to promote effective and efficient S&P processes.
- Communicate and educate business owners, stakeholders and others on risk management and S&P processes and procedures.
- Develop project plans, and manage S&P project tasks as appropriate.
- Monitor risks, prepare reports and provide early warning of changing and emerging S&P risks.
- Create S&P materials and presentations.
- Stay abreast of internal and external trendsCommunicate with S&P committee members and make recommendations.
- Communicate with S&P committee members and make recommendations.
S&P Finding Follow-up and Reporting (10%)
- Assist in managing S&P incidents and inquires through coordination, administration and/or collection
of documentation to ensure timely follow-up and resolution.
- Communicate with business owners and leadership regarding status, due dates, documentation and related items for S&P findings.
- Assign due dates and follow-up to ensure timelines are met.
- Lead meetings to obtain documentation and to perform preliminary scan.
- Prepare, review, and organize work paper documentation to support conclusions and make available to third parties as appropriate.
- Track, monitor activities and status.
- Prepare status reports to submit to Management.
- Quality 30%
- Productivity 25%
- Project Management, Planning, Follow-up, and Follow-thru 25%
- Client Relationships 15%
- Teamwork 10%
- Managing/Developing Self 5%
- Bachelor’s Degree in business, IT, accounting or related field.
- Minimum of 4 years of experience in the IT Audit or S&P field(s)
- Proficiency in Microsoft Word, Excel and other business and auditing software (TeamMate) used to prepare reports, memos, summaries, and analyses.
- Ability to organize and manage to deadlines.
- Firm foundation in S&P risk and control principles and the ability to include privacy principles in the framework.
- Motivated to learn information systems, audit processes, and S&P concepts.
- Able to make sense of ambiguity and devise innovative solutions.
- Attention to detail and ability to learn new operations quickly.
- Ability to work independently.