About the Role:
We work with corporations, governments, and law firms to meet legal, regulatory, and investigative demands by leveraging our skills to enable our clients to more confidently govern, secure, find, examine, and rapidly understand their data in the context of compliance and risk.
- Review and negotiate both client and vendor agreements, accounting for security, risk, privacy, technical operations, data governance and compliance, in order to enable projects and client engagements.
- Monitor and evaluate changes to applicable privacy and data protection laws and other applicable industry standards, rationalizing requirements, making recommendations and evangelizing change when appropriate.
- Partner with teams and data stewards to coordinate and perform various audits and assessments (PIA, DPIA, Data Inventories, etc.) as needed to ensure ongoing compliance and appropriate risk management (internal and external).
- Serve as the primary point of contact and conduit for the internal business in EMEA regarding data privacy operations, technical operations, best practices and service enablement.
- Work with the US team to transform, optimize and further strengthen current processes, technology, posture and scale in order to support the future state.
- Lead applicable programs and projects from initial concept through the full project lifecycle embedding key principles such as privacy and security by design.
- Partner with teams to further expand our privacy operations and governance framework.
- Collaborate with the Information Security team to provide guidance and raise employee awareness regarding data privacy and security risks and provide relevant training.
- This role requires travel to clients and FTI offices.
- Bachelor’s degree required. Additional relevant advanced degree(s) (e.g. Solicitor, Juris Doctor, master’s in legal studies) highly preferred.
- 8+ years of applicable work experience with at least 5 of those years in information technology, information security and/or operational risk management in the context of enterprise IT systems and specifically, SaaS, IaaS or hybrid cloud environments.
- 1+ years’ experience procuring, navigating, and reviewing commercial agreements involving complex data protection schedules, cross border data transfers and operational service levels.
- Expert knowledge of EU/US data privacy and data protection regulation and hands-on experience applying these to enterprise information assets and operational approaches related to data protection.
- Knowledge of and continued interest in major regulatory and compliance frameworks (NIST, ISO 27001, ISO 27018, PCI DSS, HIPAA, etc.).
- Ability to develop and maintain strong partnerships and influence across organizations at all levels without direct reporting relationships.
- Confidence and demonstrated experience to make complex decisions at pace in a rapidly evolving environment; ability to diplomatically identify noncompliance even if unpopular.
- Ability and desire to take initiative, work with autonomy, quickly risk-assess and prioritize based on business value.
- At least one CIPP (US or E), CIPT, CIPM, CRISC, and/or other relevant privacy, information governance, security or data governance certification highly desired
- PMP or other demonstrated project management expertise
- Familiarity and, ideally, previous experience with at least one major data governance enterprise platform and a CLM