We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.

Data protection / Privacy- Director

In order to address the most critical needs of our clients, RSM US LLP has established the Security, Privacy and Risk Consulting (SPRC) group, comprised of dedicated cybersecurity professionals dedicated exclusively to serving the cyber security and information protection needs of our clients. This group includes experienced consultants located throughout the country dedicated to helping clients with preventing, detecting, and responding to security threats that may affect their critical systems and achieving regulatory compliance related to the handling, processing and protection of sensitive information. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise within areas of information security risk management, security testing, enterprise architecture, governance, regulatory privacy compliance, and digital forensics.

We are looking to hire a Director for our Security, Privacy and Risk practice, specifically to build and oversee our Data Protection Practice (data privacy). The Director of Data Protection will be responsible for building delivery capabilities and innovating service offerings, while interpreting data protection and privacy laws and cybersecurity risks, through assisting organizations with establishing an effective data protection program designed to safeguard critical assets. This team will focus on assessing, designing and implementing data protection services including data classification, encryption, de-identification, and sensitive data monitoring solutions to enable the data protection transformation vision for data rich organizations.

Responsibilities

• Continue building our data protection practice through expansion of team size and skill sets
• Provide oversight and training to managers and staff during the delivery of data protection services to ensure quality delivery while allowing staff to learn and grow
• Use proven business development skills to acquire additional clients and expand relationships with existing clients
• Identify business opportunities and enhance go-to-market strategies targeting data rich organizations
• Be able to communicate to clients regarding the strategic and tactical risks of data protection, regulatory compliance, breach response
• Assess data protection and privacy maturity and help clients in building and implementing sustainable data protection program
• Support organizations through assessing, developing and implementing information governance frameworks.
• Support clients in designing and supporting their privacy operation processes, technology and guidelines
• Communicate complex technical issues to client senior management through the ability to transform and summarize such data into layman and executive style reports and presentations
• Ensure revenue goals are being met and client service offerings are responsive to the changing needs in the business environment
• Define risk management processes, including data protection impact assessments, and assist draft accompanying policies and procedures

Required Qualifications

• Experience or knowledgeable of practices related to delivering privacy and data protection, breach management or regulatory privacy projects or other similar work.
• Experience or knowledge of practices related to delivering NIST, ISO, Nymity or other similar framework-based privacy reviews based on the client's implementation of a privacy programs.
• Experience with or basic working knowledge of at least some typical privacy program components and common supporting workflows, including but not limited to:
  • Regulatory monitoring
  • Business requirements definition
  • Policy and procedure drafting
  • Data inventory and information flow mapping
  • Privacy risk management
  • Third party vendor management
  • Interactions with consumers / individuals (data subject requests)
  • Incident management and breach notifications
• Bachelor's degree in an information technology, business, or related discipline from an accredited college/university
• 7 years of related work experience in data privacy consulting or equivalent academic experience with a commensurate advanced degree
• Any certification from the International Association of Privacy Professionals, or willingness and ability to obtain one within 90 days of employment
• Willingness to travel up to 30%, including international destinations requiring a passport, on short notice and for potentially extended periods of time
• Technical knowledge and ability to speak to common topics in one or more of the following: network and IT infrastructure, common application and database design, IT governance and risk management, third party management, incident response, knowledge of typical network and IT security components
• Working knowledge of key privacy regulations, including but not limited to, the GDPR, CCPA, GLBA, and/or HIPAA
• Proven people skills demonstrated thorough knowledge and/or a proven track record of success with operating in a professional services firm, large consultancy or similar setting
• Proven ability to effectively collaborate, especially with cross-functional teams

Preferred Qualifications

• Demonstrated record of working with diverse organizational stakeholders, including management, business, marketing, HR, IT, Legal and others
• Advanced degree with a focus on data protection, privacy, or a related field
• Excellent written, oral, presentation skills, innovative thinker
• Certifications related to cybersecurity such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
• A proven record of success working seamlessly in a virtual environment to complete projects with team members based in various locations, domestically and globally
• Demonstrates creative thinking, individual initiative, and flexibility in prioritizing and completing tasks, particularly in face of a rapidly changing technology, regulatory, and cultural landscape and shifting client priorities
• Keeps up to date with the Security and Privacy Industry - following the industry's advancements, challenges, and discovery

At RSM, we offer a competitive benefits and compensation package for all our people. We support and inspire you to prioritize your wellbeing by delivering personalized, holistic programming for your physical, emotional, financial and community wellbeing. RSM has a generous time off policy with at least 14 paid holidays, wellbeing days and associate and above access to self-managed time off. We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients. Learn more about our total rewards at .

RSM is proud to be an Affirmative Action and Equal Employment Opportunity employer. We are proud to provide our employees with tools to assist them in being successful in achieving both personal and professional goals. We welcome and support all our employees to thrive in an environment free of discrimination and harassment. As an Affirmative Action and Equal Opportunity Employer all applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at .

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). However, those candidates who may be recent U.S. college / university graduates possessing 1-2 years of progressive and relevant work experience, excluding internships, in the U.S. or his/her home country would be eligible for hire as an experienced candidate and thus eligible for sponsorship.