Focal Point Data Risk, a CDW Company, is one that delivers a unified approach to addressing data risk through a unique combination of consulting service offerings.  Focal Point has brought together industry-leading expertise in cyber security, identity governance and access management, data privacy and analytics, internal audit, and hands-on training services, giving companies all that is needed to plan and develop effective risk and security programs. By integrating these services, we provide our clients with the flexible support they need to protect and leverage data across any part of their organization. Simply put, CDW - Focal Point is the next generation of risk management.

Our Privacy team has developed and implemented data privacy and information security programs for some of the nation's largest and most complex organizations. Our clients represent industries in both the public and private sectors, including state and local government agencies, domestic and global technology firms, global retail chains, financial services firms, and healthcare organizations.

The Data Privacy Consultant is responsible for providing services related to a broad range of privacy and cybersecurity disciplines, including compliance assessments, program design, and policy development.  He/she works on-site and off-site to evaluate client compliance with common industry standards and regulations. The Data Privacy Consultant must have a working knowledge of international, federal, and state privacy rules and regulations, including cybersecurity and privacy frameworks.  He/she assists with drafting deliverables, frequently interacts with client personnel, and is expected to participate actively in client-focused project teams.  The Data Privacy Consultant must be able to work on and prioritize multiple concurrent tasks.

Responsibilities: 

• Conducts client project-related privacy (and, where necessary, cybersecurity) risk assessments and privacy audits.
• Reviews privacy and cybersecurity practices and conducts periodic compliance assessments.
• Provides privacy and data protection training and awareness as requested in client engagements or internal workshops.
• Reviews client's potential or actual privacy incidents and coordinates or leads the incident or breach management process.
• Prepares reports and other deliverables that contain strategy, project or technical analysis, and findings in connection with our consulting engagements and communicates those results to the team and client management.
• Assist clients in creating or updating data maps, inventories, and Records of Processing Activities.
• Performs Data Protection Impact Assessments, Privacy Impact Assessments, and Transfer Impact Assessments.
• Operates as a subject matter expert on privacy risks and audits when interfacing with clients or peers including internal sales and pre-sales resources
• Interacts effectively with co-workers and clients at all levels to foster and maintain strong working relationships.
• Prioritize assigned tasks and workloads as necessary.
• Creates or updates assessment documents when new laws or regulations are promulgated.
• Performs other duties as assigned by management.

Qualifications - Internal

Minimum Qualifications: 

• 3+ years working in a consulting role as a Data Privacy consultant or related field experience.
• Experience interpreting international, federal, and state privacy and security regulations.
• At least three years working with cross-functional teams, technical privacy and security controls, and operational risk tolerance.
• Experience performing privacy and/or security gap assessments, data maps and inventories, and Impact Assessments.
• Professional knowledge of the international, federal, and state rules, regulations, and guidance related to security and privacy, including but not limited to HIPAA, GLBA, GDPR, and NIST
• Working knowledge of cybersecurity controls as they relate to international, federal, and state rules, regulations, and guidance related to security and privacy, including but not limited to HIPAA, GLBA, GDPR, and CMMC
• Intermediate to Advanced Microsoft Office Suite (i.e., Word, Excel, PowerPoint).
• A Bachelor's Degree in information systems, computer science, or a related field.
• Possess a fundamental understanding of privacy engineering principles.
• Obtained or working toward the following certifications:
  • Certified Information Privacy Professional (CIPP)
  • Certified Information Systems Security Professional (CISSP)
  • OneTrust

Preferred Qualifications:

• Juris Doctor from an American Bar Association-accredited law school
• Obtained or working toward the following certifications:
  • Certified Information Privacy Technologist (CIPT)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Security Auditor (CISM)
  • Certified Information Security Manager (CISM)
  • HITRUST Certified CSF Practitioner (CCSFP)
  • Cyber AB Registered Practitioner Advanced

Travel Required: Regional and international travel, as needed, up to 35%

COVID-19 Update:
CDW is committed to maintaining a workplace that is free of known hazards and to ensuring the safety, health, and well-being of coworkers and candidates for employment and their families, as well as the community.

CDW requires all coworkers be fully vaccinated against COVID-19, with the only exceptions being a documented, legally required medical or religious accommodation.  Prior to starting with CDW, successful candidates will be required to: (i) be fully vaccinated against COVID-19 and provide CDW with proof of full vaccination; or (ii) apply for and receive a medical or religious-based accommodation to be exempt from the mandatory vaccination policy.