M+E Technology Job Board

Security Risk and Compliance Manager

Alvarez & Marsal

We are looking for a Security Risk and Compliance Manager to join the Information Security Team at Alvarez & Marsal. If you are someone who has a passion for Information Security & Privacy as well as for process improvement, automation, and efficiency, then this is the job for you. This role is focused on developing and improving our internal risk & compliance processes at A&M, primarily in the fields of information security and data privacy.

Responsibilities

GDPR Compliance

Provide advice and information across the firm with regard to data protection obligations under the GDPR and other privacy regulations.
Maintain knowledge and understanding of privacy compliance regulations and their ongoing development, including the ePrivacy Regulation.
Ongoing development of A&M’s Data Privacy Framework, including development and implementation of policies and procedures that align with ISO 27001 standards and with the data processing standards applicable to A&M’s processing of personal data under the GDPR.
Monitor the performance of, and compliance with, A&M’s Privacy Compliance Framework.
Act as a contact point for the Supervisory Bodies across Europe.
Co-operate with the Supervisory Bodies, including during prior consultations under Article 36, and consult on any other matter.
Support the implementation of, and adherence to, the principle of Information Privacy by Design and Default for all new and existing IS systems.

Oversee the Data Privacy Impact Assessment (DPIA) process, supporting the business in performing DPIAs, reviewing them, and providing recommendations in response to completed DPIAs.
In collaboration with Legal Counsel, review all new processing of personal data to establish the Lawful Basis of Processing.
Where necessary, undertake Legitimate Impact Assessments.
Maintain A&M’s record of processing in accordance with Article 30 of the GDPR.
In collaboration with Legal Counsel, review all external engagements to verify that appropriate Data Processing Agreements are in place between A&M and external parties.

Work closely with business stakeholders globally to apply heightened security procedures designed to safeguard information based upon risk. Assess and improve such procedures in coordination with cross-disciplinary stakeholders including IT, Finance, Legal, Engineering, Internal Audit, and A&M business units.
Manage audit requirements and deliverables related to various contractual and/or regulatory standards (e.g. ISO 27001, HIPAA, GDPR).
Support potential clients and customers by answering inquiries (RFP/RFI) regarding A&M’s data security and privacy practices. Coordinate responses to customer questionnaires by working with internal stakeholders.
Assist with the review of Master Service Agreements and Statements of Work for appropriate security and privacy language.
Work on third-party risk assessments and compliance requirements for A&M’s vendor risk program and manage the review cycle.
Assist with coordinating security and privacy awareness training throughout A&M.
Understand and analyze IT security threats, understand risk, articulate operational impact, and work as part of a team dedicated to achieving and maintaining compliance with all applicable regulations.
Recommend, develop and implement compensating controls to remediate or mitigate known risks and vulnerabilities to an acceptable level. Work with stakeholders to coordinate remediation projects as required and report on progress to management.
As a member of A&M’s Global Security Office, your position may include other responsibilities in the information security program, such as assisting with vulnerability scan remediation and updating risk assessments.

Requirements

BA, BS, or higher degree in a technical or related field, or an equivalent combination of training and progressively responsible experience in lieu of a degree.
4+ years working with one or more of the following compliance standards and frameworks: ISO 27001, SANS Top 20, Privacy Shield, PCI, HIPAA, DPA, PECR.
4+ years of meaningful work experience across engineering and IT organizations, including security incident response, threat analytics, security operations, and security risk management.
Working knowledge of common audit and compliance tools. Experience with a Governance/Risk/Compliance (GRC) platform is a plus.
Demonstrated ability to operate effectively at a dynamic company and embrace change.
Technical aptitude and extreme attention to detail.
Excellent spoken and written communication skills.

Preferred Skills and Experience

CIPP/E (2018) or Certified GDPR Practitioner (Highly advantageous)
Certified ISO 27001:2013 Auditor or Certified Lead Implementer (Highly advantageous)
CISA or CRISC certification preferred
CISSP or similar certification is a benefit but not a necessity
Familiarity with cloud technologies (such as Azure, AWS)
ITIL Foundation
OneTrust Privacy Management Systems

Additional Information

Competitive pay and benefits
An environment in which you can balance great work with a great life
Firm with employees in over 60 offices worldwide
Some travel may be required