Manager - Privacy Specialist - Security Services
Deloitte & Touche USA LLP is the U.S. member firm of Deloitte Touche Tohmatsu and services are provided by its subsidiaries, including Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP and Deloitte Tax LLP. Deloitte & Touche USA LLP’s subsidiaries are among the nation’s leading professional services firms, providing audit, tax, consulting, and financial advisory services through nearly 30,000 people in more than 80 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and people excel.
Deloitte Touche Tohmatsu is one of the world's leading professional services organizations. The member firms of Deloitte Touche Tohmatsu deliver world-class assurance and advisory, tax and consulting services. With more than 119,000 people in over 140 countries, the member firms serve over one-half of the world's largest companies, as well as large national enterprises, public institutions and successful, fast-growing global growth companies. Known as an employer of choice for innovative human resources programs, Deloitte has been recognized as one of the "100 Best Companies to Work For in America" by Fortune magazine for six consecutive years. Our mission is to help our clients and our people excel.
Our Enterprise Risk Services (ERS) practice is a global leader in helping clients manage risk from the boardroom to the network. As the largest risk management consulting practice of its kind, we offer a comprehensive array of services designed to help our clients understand business risks, determine acceptable levels of exposure, implement controls, and provide ongoing measurement and monitoring of the risk environment and compliance.
Within ERS, the Security Services group was specifically created to address our clients' needs around information protection. We have conducted technical assessments of client networks; security risk assessments including reviews of administrative, organizational, and physical controls; and security policy and strategy to help build the technology and business risk control architecture for major corporations. Our practitioners have hands-on experience not only in assessing complex networks and systems, but also in the design and configuration of complex security and privacy controls. Every professional utilizes our Firm-wide methodology to ensure seamless global engagements. Deloitte has invested heavily in developing our security and privacy services capabilities. We have developed, tested, and refined our methodologies to efficiently provide high-quality and cost-effective services.
A thorough understanding of technologies used to collect personal data.
Understanding of security methods and technical elements to protect customer data: i.e. access controls in the operating system, application and network environment, Firewall, IDS, VPN, DMZ, encryption tools, digital certificates, biometrics, monitoring tools, and experience implementing these solutions.
Experience in and understanding of application security (e.g. enterprise HR portals and systems used to support employees in multinational organizations and experience providing adequate protection of that data to support privacy requirements; SAP security, PeopleSoft security, Siebel security, etc. is a plus).
A thorough understanding of database technologies used to store enterprise information. Experience designing, creating, or auditing an "opt out" / "customer choice" database is a plus.
Experience with directory services in order to support the management of employee or customer privacy preferences. Experience designing, creating or auditing is a plus.
Understanding of how software companies can implement programs to support the development of secure code to protect against code development practices that violate customers' privacy.
Business Skills:
Experience implementing privacy and security programs. Understanding of how strategic business requirements align with privacy/security requirements. Understanding of organizational requirements and how they drive a compliance program.
Strong project management skills, understanding of how privacy relates to business drivers, technical implications, legal, marketing as well as security function in an organization. (Experience with projects that impact policies, processes, stakeholders and systems across the enterprise a plus; e.g. Y2K compliance, BCP, user provisioning, access management or ERP/CRM applications.)
Experience in both information systems auditing and consulting. (Experience in healthcare industries, financial services industries or multinational organizations is a plus.)
Experience implementing data classification schemas and assigning assurance levels to information assets.
Experience performing risk assessments, using risk assessment software or developing risk assessment tools at the enterprise level.
Experience performing surveys and inventories across globally distributed organizations; including application, database and policy inventories.
Direct experience with privacy legislation such as HIPAA, COPPA, FCRA, GLB and EU Data Protection Directive. Experience complying with international privacy regulations in EU.
Development of policies or procedures to support an organization's privacy compliance program.
Experience performing security gap assessments or privacy gap assessments and producing executive management reports on current practices that expose an organization to privacy or security risks.
Experience with an organization's privacy/security due diligence efforts when entering into third party relationships or M&A activities.
Experience preparing for and conducting security and privacy audits/reviews (Web Trust for privacy, TRUSTe, BBBOnline)
Marketing experience understanding how organizations use customer information to cross sell products, develop mailing lists etc.
Understanding of how the General Counsel Office and Compliance Organization relate to other functions in an enterprise.
To be considered for this position the following are essential:
- BA/BS in information technology, business administration, or related field, MS preferred
- Minimum of five years privacy and information management experience
- Prior Big 5 or other consulting experience desirable
- Prior business development, marketing, or sales experience
- Excellent verbal and written communication
Deloitte & Touche USA LLP and its subsidiaries ("the Deloitte US Firms") are equal opportunity employers.
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions.
Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” “Deloitte & Touche,” “Deloitte Touche Tohmatsu,” or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein.
Deloitte & Touche USA LLP is the U.S. member firm of Deloitte Touche Tohmatsu. In the U.S., services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP.
REQUIREMENTS
Please see Job Description