Privacy & Cyber Risk Consultant

Your Responsibilities

Lockton’s Privacy & Cyber Risk Team partners with clients to strengthen their data protection and cybersecurity strategies. As a Privacy & Cyber Risk Consultant, you will report into the Cyber & Technology team and collaborate with brokers to design and deliver risk improvement and loss control strategies. This role blends technical expertise with client facing advisory work, helping organizations across industries build resilience against evolving cyber threats.

Key Responsibilities

• Conduct interview based assessments of client data protection and cybersecurity postures.
• Review insurance applications to identify and prioritize risk improvement opportunities.
• Evaluate compensating controls that meet underwriting requirements and advocate on behalf of clients.
• Develop strategic roadmaps to enhance privacy and cyber resilience.
• Facilitate client discussions on IT dependencies, security investments, and cyber insurance procurement.
• Coordinate implementation of agreed data protection service models.
• Lead tabletop exercises and workshops to assess incident readiness and response.
• Facilitate incident response tabletops, cybersecurity maturity assessments, and cyber risk quantification workshops — both virtually and in person.
• Assist in developing tailored breach response plans aligned with client objectives and risk tolerance.
• Deliver training workshops on privacy, cybersecurity, and risk improvement strategies.
• Collaborate with colleagues in product, claims, and analytics to enhance client experience.
• Build and maintain relationships with insurers, cybersecurity firms, law firms, and other vendors.
• Contribute to thought leadership initiatives and support internal learning for Producers and Associates.
  
  

Qualifications

• Minimum: Bachelor’s degree in a technical field (cybersecurity, information assurance, computer science, or related discipline).
• Preferred: Master’s degree or other advanced degree in a relevant field.
• Significant experience (generally 8–10 years) managing privacy and/or cybersecurity risk, with flexibility based on depth and quality of experience.
• Strong knowledge of data protection and cybersecurity legal/regulatory frameworks.
• Excellent communication skills with the ability to explain complex risks in accessible terms.
• Experience working across multiple industries (energy, finance, technology strongly preferred).
  
  

Preferred Skills & Certifications

• Data protection certifications (CIPP, CIPM, CIPT).
• Cybersecurity certifications (CISSP, CCSP, CISM, CRISC).
• Experience in cyber insurance underwriting, claims, or broking.
  
  

Additional Details

• Travel: 25%