Confidentiality and Privacy Manager (Technology Assessment)

Regulatory & Risk Management | Strategic Risk
Same job available in 105 locations

Albuquerque, New Mexico, United States

Alexandria, Virginia, United States

Ann Arbor, Michigan, United States

Arlington, Virginia, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Baltimore, Maryland, United States

Bentonville, Arkansas, United States

Bethesda, Maryland, United States

Birmingham, Alabama, United States

Boca Raton, Florida, United States

Boise, Idaho, United States

Boston, Massachusetts, United States

Bowie, Maryland, United States

Bristol, Tennessee, United States

Camp Hill, Pennsylvania, United States

Carson City, Nevada, United States

Charleston, West Virginia, United States

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Colorado Springs, Colorado, United States

Columbia, South Carolina, United States

Columbus, Ohio, United States

Concord, New Hampshire, United States

Costa Mesa, California, United States

Dallas, Texas, United States

Darien, Connecticut, United States

Davenport, Iowa, United States

Dayton, Ohio, United States

Denver, Colorado, United States

Des Moines, Iowa, United States

Detroit, Michigan, United States

Falls Church, Virginia, United States

Fort Meade, Maryland, United States

Foster City, California, United States

Frankfort, Kentucky, United States

Frederick, Maryland, United States

Fresno, California, United States

Ft. Lauderdale, Florida, United States

Ft. Worth, Texas, United States

Gilbert, Arizona, United States

Glen Mills, Pennsylvania, United States

Grand Rapids, Michigan, United States

Greensboro, North Carolina, United States

Greenville, South Carolina, United States

Harrisburg, Pennsylvania, United States

Hartford, Connecticut, United States

Hattiesburg, Mississippi, United States

Helena, Montana, United States

Hermitage, Tennessee, United States

Horsham, Pennsylvania, United States

Houston, Texas, United States

Huntsville, Alabama, United States

Indianapolis, Indiana, United States

Irving, Texas, United States

Jacksonville, Florida, United States

Jersey City, New Jersey, United States

Kansas City, Missouri, United States

Lake Mary, Florida, United States

Lansing, Michigan, United States

Las Vegas, Nevada, United States

Lexington Park, Maryland, United States

Little Rock, Arkansas, United States

Los Angeles, California, United States

Louisville, Kentucky, United States

Madison, Wisconsin, United States

Manhattan Beach, California, United States

McLean, Virginia, United States

Mechanicsburg, Pennsylvania, United States

Memphis, Tennessee, United States

Miami, Florida, United States

Midland, Michigan, United States

Milwaukee, Wisconsin, United States

Minneapolis, Minnesota, United States

Monterey, California, United States

Morrisville, North Carolina, United States

Nashville, Tennessee, United States

New Carrollton, Maryland, United States

New Orleans, Louisiana, United States

Newton, Massachusetts, United States

Newtown Square, Pennsylvania, United States

Norfolk, Virginia, United States

O'Fallon, Illinois, United States

Oklahoma City, Oklahoma, United States

Omaha, Nebraska, United States

Orlando, Florida, United States

Panama City, Florida, United States

Parsippany, New Jersey, United States

Philadelphia, Pennsylvania, United States

Phoenix, Arizona, United States

Pittsburgh, Pennsylvania, United States

Pleasanton, California, United States

Portland, Oregon, United States

Princeton, New Jersey, United States

Providence, Rhode Island, United States

Quantico, Virginia, United States

Radford, Virginia, United States

Raleigh, North Carolina, United States

Reno, Nevada, United States

Reston, Virginia, United States

Seattle, Washington, United States

St. Louis, Missouri, United States

Suitland, Maryland, United States

Position Summary

Manager, Confidentiality & Privacy - Technology Assessments – Risk & Brand Protection

Confidentiality & Privacy is seeking an experienced Manager to contribute to strategic priorities and mitigation of confidentiality and privacy risks across the Deloitte US Firms. This role will primarily support the operational processes in evaluating technologies for confidentiality and privacy risks, as well as participate in key strategic priorities of C&P. The successful candidate will be expected to quickly build subject matter expertise in the US Firms’ confidentiality and privacy policies while providing impactful contributions to technology risk management. He or she will be expected to participate and manage confidentiality and privacy initiatives designed to safeguard confidential information (CI) and protect Deloitte’s brand and reputation.

Work you’ll do

Technology Risk Management

  • Lead Privacy Impact Assessments. Review systems in development, identify vulnerabilities, and recommend controls to implement. Update and track activities methodically with relentless attention to quality, accuracy, and timeliness. 
  • Conduct risk assessment of emerging technologies such as artificial intelligence, machine learning, internet of things, and cloud solutions and follow-up on progress of remediation activities.
  • Work closely with IT professionals to monitor systems throughout the system development lifecycle for privacy and data protection compliance.
  • Serve as the subject matter expert who business teams can turn to and rely on for timely and impactful guidance regarding confidentiality, privacy, technology and risk.
  • Coordinate with leadership and key stakeholders to complete assessments.
  • Prepare and present analysis for leadership/management.
  • Develop in-depth understanding of the US Firms’ businesses and enabling areas to provide quick response and guidance based on potential risks to Deloitte.

Confidentiality & Privacy Strategic Priorities

  • Participate in and lead projects to implement or enhance the US Firms’ confidentiality and privacy programs. Activities may include development of training and awareness materials or support for other high impact C&P initiatives.
  • Contribute to the design, development and deployment of technology solutions to enhance confidentiality and privacy processes and mitigate risk.
  • Support confidentiality and privacy program assessments and system reviews of confidentiality & privacy risks.
  • Review and advise on technical requirements, vendor solutions, and data protection features of applications and systems utilized and/or delivered by the Deloitte US Firms.
  • Provide expertise and support to data analytics efforts to identify insights, potential risks, and mitigation strategies.

The Team

Risk & Brand Protection (R&BP)

At Deloitte, we are stewards of reputation—ours and our clients. That’s why we foster a culture that protects, preserves, and enhances our reputation. With your help, we will distinguish Deloitte as the clear leader in professional services, making us the first choice for clients and talent.

Confidentiality & Privacy

Confidentiality & Privacy (C&P), led by the Chief Confidentiality & Privacy Officer and Managing Director, Confidentiality & Privacy, is a steward for Deloitte’s reputation. In that role, C&P is responsible for the development and deployment of a comprehensive program to mitigate confidentiality and privacy risks across the Deloitte US Firms. The team is highly collaborative, and individual contributions are measured relative to team contributions. C&P is organized around key service areas, which include:

  • Policy, Privacy Regulatory & Data Governance
  • Insider Threat
  • Incident Management
  • Strategy and CI Program Direction
  • Technology Assessments

Qualifications

Required Education & Experience

  • BA/BS in computer science, management information systems cybersecurity, or related field or significant industry experience required
  • MS Cybersecurity, MBA, or advanced degree required
  • 7-10+ years of related experience, including a minimum of 5 years in Risk Management, Privacy cyber security, or Privacy by Design
  • Demonstrated track record of adding value through a combination of deep technical expertise, professional judgment and process/program/project ownership.
  • Knowledge of technologies used to collect, share, access and use personal data such as cookies, web beacons, data warehouse, and web analytic and decision support software.
  • Experience with privacy platform software preferred
  • Familiarity with cyber threats and potential impact on business
  • Knowledge of U.S. privacy legislation such as HIPAA, CAN-SPAM, COPPA, FCRA, GLBA, stated privacy laws, state data breach laws and the capability to apply regulatory requirements within an operational context
  • Must be legally authorized to work in the United States without the need for employer sponsorship now, or at any time in the near future.
  • Ability to travel 25-30%, on average, based on the work you do and the clients and industries/sectors you serve

Required Professional and Technical Skills

  • Demonstrated track record in sound judgment, investigation, strong attention to detail, and persistence in following/driving incidents to conclusion.
  • Excellent organizational, communications (oral and written), problem solving, and interpersonal skills.
  • Strong client service orientation - our clients expect and deserve high quality work products and effective resolution of identified issues.
  • Executive presence, strong facilitation skills.
  • Remain calm while retaining your ability to influence others in high pressure situations.
  • Highly collaborative work ethic with demonstrated agility and strong teaming skills.
  • Strong project management skills while exhibiting an ability to multi-task across various initiatives and activities.
  • Quick and eager learner to apply new skills and technologies in a results-oriented manner.
  • Experience and proficiency in MS Office products to include Word, PowerPoint, Excel, and SharePoint.

Required Licenses, Certifications, and Other Requirements

  • Certified International Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), Certified Information Security Systems Professional (CISSP), or Certified Information Systems Auditor (CISA) certification required
  • Work Location: Any Deloitte US office location

For individuals assigned and/or hired to work in Colorado or Nevada, Deloitte is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the State of Colorado and the State of Nevada and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.  The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.  At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.  A reasonable estimate of the current range is $85,000 to $159,000.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

EA_RBP_ExpHire
EA_ExpHire

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


As used in this posting, “Deloitte” means Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Requisition code: 98243

SCAM ALERT

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.