American Cyber Security Management (ACSM) is in the business of providing Data Protection Consulting Services to a wide variety of businesses. Our goal is to provide top virtual and contract privacy, Governance, Risk, and Compliance (GRC) talent to businesses that cannot afford, and do not necessarily need, a full-time privacy or GRC expert.
American Cyber Security Management is interested in speaking with prior GRC and Privacy Officers who can help us deliver our vision.
Our Data Protection Officers (DPOs) are involved in all issues relating to the protection of personal data and oversee many data protection and privacy compliance programs that ensure compliance with applicable laws and regulations. They are the primary point of contact for our customers’ employees, suppliers, customers, partners, regulators, and the public at large. They map data flows; conduct risk assessments, product development reviews, and vendor monitoring and assessments; and lead training. They are responsible for the daily operations of our customers’ privacy program, which includes the development, implementation, and maintenance of policies and procedures, monitoring of remediation and program compliance, and investigation and tracking of incidents and breaches in compliance with federal, state, and international laws as well as contractual obligations. The following is a list of the responsibilities we deliver on.
Duties and Responsibilities
- Serve in a leadership role for Privacy Program compliance
- Assess global privacy, governance, risk, and compliance needs
- Respond to communications from customers and employees regarding the processing of their personal data and the exercise of their individual data protection rights under privacy programs
- Develop risk-based analysis, taking into account the nature, scope, context, and purpose of the processing. Participate in relevant working groups dealing with data processing activities, including participating regularly in meetings of middle and senior management
- Facilitate Data Protection Impact Assessments (DPIA) activities
- Monitor and report on compliance with the General Data Protection Regulation (GDPR), with other European and national data protection legislation, and the data protection policies and procedures related to the same
- Conduct related audits and assign monitoring responsibilities
- Serve as the point of contact with the relevant Data Protection Authorities
- Coordinate with HR in the development of policies, procedures, and practices for job applicants and staff
- Conduct awareness-raising activities and train employees on data protection and privacy
- Prepare annual reports of DPO activities
- Create inventories and maintain up-to-date records of processing operations
- Understand liability obligations
Experience
- Bachelor’s degree or equivalent business qualifications. MBA is a plus
- 5+ years of relevant working experience and a proven record of working with privacy and data protection issues for multinational organizations
- At least 20 years of management experience, with a minimum of 10 years specifically in technology protecting, securing, or auditing assets
- Ability to work autonomously and have the integrity and fortitude to defend your decisions
- Proven experience of proactive management of global compliance frameworks and of providing training on compliance frameworks
- Expert knowledge of data protection law and privacy practices, including familiarity with national and European data protection laws and practices as well as in-depth knowledge of the GDPR
- Proven record of successfully engaging with Data Protection Authorities and other regulators on matters concerning data protection compliance
- Excellent written and interpersonal communication skills
- Demonstrated ability to work in a fast-paced environment, prioritizing conflicting demands from multiple business clients, and to make sound decisions on tight deadlines
- Demonstrated ability to find practical, creative, and cost-effective solutions to data protection and privacy issues
- Project management skills working with both internal and external stakeholders
- Ability to understand data security, information technology, development, incident response, and cloud-based architectures
- Experience with customer-facing systems
- Strong background in drafting and negotiating appropriate privacy and security provisions in vendor contracts
- CISA, PMP, CIPP, CIPM, CIPT certificates a plus