Define and implement data protection controls and techniques to ensure the protection of company information. The consultant is responsible for ensuring that confidential information of authorized individuals is protected by implementing encryption controls. It evaluates existing encryption algorithms and cryptographic systems and develops new ones if necessary.
Role:
• Evaluate the effectiveness of existing data protection controls
• Identification and implementation of controls/mitigation plans for identified gaps
• Evaluate practices related to data collection and data exchange.
• Define, design and implement data protection technologies such as DLP and DRM.
• Implementation of data classification tools and data discovery tools.
• Analyze and evaluate data privacy incidents and report to the relevant team for response and remediation
• Ensuring the company’s compliance with data protection laws and regulations. Make recommendations to improve data protection compliance.
• Establishing security systems/mechanisms that protect against any possible disclosure or attack on information.
• Implement security controls to ensure that data is protected from any modification or deletion due to unauthorized access.
• Implementation of new encryption algorithms.
• Analyze current encryption systems and encryption algorithms to identify weaknesses and vulnerabilities.
• Proposing security solutions to remove weaknesses.
• Manage and monitor the implementation of recommended improvements.
• Assistance in resolving any security issues that may arise.
• Review and analyze all security incidents to determine the need for cryptographic controls.
• Keeping abreast of the latest cryptographic research and trends.
• Develop policies, procedures and processes related to privacy and data protection.
• Perform a risk assessment to ensure that appropriate controls are in place to effectively reduce risks.
• Define and implement technical data protection measures in line with relevant laws and regulations.
• Conduct privacy impact assessments.
• Ensure that all third party services are compliant with data privacy and security requirements.
• Liaise with the legal team to ensure correct contractual clauses are defined and included in all data processor contracts.
• Monitor compliance with the General Data Protection Regulation or other applicable data protection laws.
• Identifying and evaluating the company’s data processing activities.
• Maintain records of data processing activities.
• Stay informed of changes in laws and make recommendations to ensure data privacy compliance.
• Act as a point of contact with legal and regulatory authorities and internal teams.
• Develop training materials and conduct employee trainings on data privacy best practices, privacy compliance, and consequences in the event of non-compliance
Knowledge:
• Network components, their operation, and appropriate controls and methods for network security.
• Understand methods of risk assessment, mitigation and management.
• Aspects of cyber security related to legislative and regulatory requirements related to ethics and privacy.
• Computer algorithms.
• Cybersecurity considerations for database systems.
• Installation, integration and improvement of system components.
• Principles of human-computer interaction.
• Principles and methods of information technology security.
• Network access, identity and access management.
• Operating systems.
• Protocols, methods and network traffic management.
• Communication concepts relevant to the role.
• Network security engineering concepts including architecture, protocols, components, and principles.
• Network systems management principles, models, methods and tools.
• Methods for testing and evaluating the security of systems.
• How threat information sources gather intelligence.
• Network protocols and directory services.
• How to use network analysis tools to identify vulnerabilities.
• Intrusion detection and prevention system tools and applications.
• Network protocols and directory services
• Knowledge and understanding of new technologies and solutions from a cybersecurity perspective.
• Network components, their operation, and appropriate controls and methods for network security.
• Cybersecurity authentication, authorization and access control methods.
• Encryption algorithms, their relative strengths and weaknesses, and appropriate selection criteria.
• Concepts of encryption and management of encryption keys.
• Assessing cyber security and licensing processes.
• Cyber security controls and privacy requirements to manage data related risks.
• Low-level computer languages required for the role.
• Math required for the role.
• Programming linguistic structures and logic.
• Key security management concepts.
• National cyber security regulations and requirements relevant to the company.
• Coding methodologies.
• Industry standard security models and their effective application.
• Requirements for confidentiality, integrity and availability.
• Knowledge of current and emerging data encryption security features in databases.
• Complex data structures.
• Implement enterprise key assurance systems to support data encryption at rest.
• Principles of confidentiality, integrity and availability.
• Availability of assets, capabilities and limitations.
• NCA ECC Standard.
• The NIST CSF Framework.
• Principles of cyber security and data privacy.
• Standards and methodologies for data classification.
• Operational impact on the organization due to cyber security breaches.
• Related cyber security laws, regulations, standards, ethics and privacy.
• Conduct privacy impact assessments.
• Privacy Improvement Techniques.
• Setting and preserving digital evidence.
qualifications:
• Bachelor’s degree in Computer Science, Information Technology or any other related field.
• 7-15 years of experience in information security.
• At least 5 years of data protection or data privacy.
• Experience in conducting ISO 27701, GDPR and HIPAA audits
• CISA, CISM, IAPP, CIPP or equivalent certificates.
• ECES, CISSP, SANS Suite or equivalent certifications
We are a national group formed on the foundations of social responsibility and building the value gained with hard work and the quality of outputs that contribute to creating a fertile production environment for our valued customers so that they can present their work according to balanced performance standards that ensure continuity and reduce expected risks.