CrossCountry Consulting is currently seeking an Information Security, Data Protection & Privacy Lead located in McLean, Virginia.
The Information Security, Data Protection & Privacy Lead is a critical position within the organization responsible for managing the firm's Technology, Cybersecurity & Privacy book of work and driving high priority initiatives to completion. You will also be responsible for managing the day to day relationship with the firm's third-party IT Provider serving as the main point of contact for IT and Security related matters.
In this role, you will enable and transform the risk management, compliance and security capabilities of the organization. CrossCountry is investing in these areas to address the evolving cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow. Working closely with the stakeholders across the organization, this position will be responsible for building and enhancing the Technology, Cybersecurity and Privacy infrastructure to raise the overall security and compliance posture for the firm. This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. Please reach out to Oonagh Clarke, Talent Acquisition Manager on email@example.com if you have any questions
Manage the organization's Technology, Cyber & Privacy book of work , partnering with the firm CISO, COO, and CFO to set priorities and deliver high priority initiatives on time and in budget
Complete client security questionnaires ; identify and prioritize gaps in corporate infrastructure upon reviewing client questionnaires
Review and redline client data security agreements
Ensure appropriate and accurate responses to audit queries are satisfied in a timely fashion
Maintain CrossCounty's Information Security Policies and Information Security Standards
Document required risk and compliance policies and procedures as indicated in the book of work
Manage the Incident Response program, responsible for managing technology and security incident response and mitigation efforts through to completion
Operate Technology and Vendor Risk Management program , including conducting technology and vendor security and risk assessments;
Manage the relationship with the firm's third-party IT provider , ensuring strategic IT project initiatives are delivered on time and in budget
Manage the IT Approvals inbox, responsible for approving or declining employee technology requests
Maintain relationships with third-party technology vendors including annual contract reviews and negotiations
Continue to raise awareness of the firm's Information Security obligations and legal requirements by developing and conducting firm-wide training, including Phishing Campaigns and the Annual Mandatory Security Awareness training
Drive the implementation and ongoing management of new data privacy regulations that have an impact on CrossCountry including GDPR and CCPA
Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.
Desired skills,experience and qualifications
Minimum of 8+ years of related experience in data-driven and security-focused business. Relevant experience within a consulting organization is preferred.
Understanding of security functions including: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
Knowledge of data privacy regulations including CCPA and GDPR is a must; hands-on experience with GDPR or CCPA analysis and implementation is preferred
Solid understanding and experience with Information Security practices, principles, and techniques
Experience writing policies and procedures
Experience with contract administration
Ability to demonstrate excellent Project Management skills
Understanding of the components of a comprehensive security and /or privacy program, including governance, policy, organizational design, awareness and training, architecture, technologies, processes, and controls
Working knowledge of security and internal controls, risk management
Professionalism and discretion in interacting with executives and clients
Polished verbal and written communication skills
Excellent organization and time management skills
Enthusiasm, entrepreneurialism, and a great sense of humor!
CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services to leading organizations facing complex change. We partner with our clients to help them navigate pressing business challenges and achieve goals related to improving operations, minimizing risks and enabling future growth.
Our people are our most valuable asset and our individual differences are our greatest strength. Join our team where Excellence is a priority, Collaboration and teamwork are the norm, Energy is contagious, and the opportunity to make an Impact is endless.
CrossCountry Consulting provides equal employment opportunities (EEO) to all employees and applicants and believes that respect and fair treatment are critical to creating a productive, diverse, and inclusive workplace. As an equal opportunity employer, CrossCountry is fully committed to comply with all federal, state, and local laws. All qualified applicants will receive consideration for employment without regard torace, color, religion, age, sex, national origin, disability status, pregnancy, genetics, sexual orientation, protected veteran status, gender identity or expression or any other characteristic protected by federal, state or local laws.
CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations, and technology consulting services to leading organizations facing complex change. We partner with our clients to help them navigate pressing business challenges and achieve goals related to improving operations, minimizing risks, and enabling future growth. Our people are our most valuable asset and our individual differences are our greatest strength. At CrossCountry, we embrace and value our individual experiences, capabilities, talents, and perspectives by fostering and promoting a culture of diversity and inclusion. Join our team where Excellence is a priority, Collaboration and teamwork are the norm, Energy is contagious, and the opportunity to make an Impact is endless.