Principal Data Privacy Consultant- Remote (Anywhere in the U.S.)

We are looking for a motivated and engaging Principal Data Privacy Consultant to join our growing Privacy Team! This is a fully remote, individual contributor role with occasional travel to support client consulting engagements. The successful candidate is a hard-working, self-motivated, data privacy professional who can help companies evaluate and enhance their data protection processes according to applicable regulations and best practices. You will mentor and share learnings with colleagues to foster a learning culture.

Role and Responsibilities: 

• Conduct compliance assessments against various US-based and international data privacy laws and regulations, including GDPR, CCPA/CPRA, HIPAA, GLBA, PIPEDA, PIPL, DPDPA and others.
• Develop regulatory updates to keep customers up to date on the current data security and privacy landscape.
• Research and identify applicable legal and administrative statutes/standards and other details related to customers’ Data Privacy Programs.
• Develop policies, processes, and other documentation) to comply with relevant privacy regulations and frameworks.
• Perform both gap and maturity assessments against the NIST Privacy Framework.
• Provide privacy-based advisory, remediation, and strategic services to GuidePoint customers to help build or strengthen their privacy programs.
• Develop tailor made privacy programs for customers to meet their compliance requirements, while also aligning with widely accepted best practice Privacy Program functions.
• Contribute to the growth, maturation, and socialization of the GuidePoint data privacy consulting practice.
• Establish strong relationships and trust with customers to understand customers’ business environments and requirements.
• Work with other GuidePoint Security practices as part of a cohesive cross-functional team.
• Support presales discussions with customers and contribute to the creation of Statements of Work (SOWs).
• Participate in webinars and other speaking opportunities to promote the Data Privacy practice.
• Provide mentorship to fellow data privacy staff.

Required Experience and Position Requirements:

• Minimum of 5 years of combined relevant privacy experience across private/public sector, consulting and/or relevant education.
• Minimum of 3 years of direct experience performing data privacy-related consulting services for clients of various verticals, including financial and insurance, retail, healthcare, service providers (SaaS, PaaS, etc.), manufacturing, critical infrastructure/energy, etc.
• Strong understanding and working knowledge of privacy frameworks, including NIST Privacy, ISO 27701, GAPP and other equivalent data privacy standards.
• Strong demonstrated experience in developing data privacy policies, standards, plans, procedures, and other documentation to support customer-adopted frameworks and industry standards.
• Strong understanding of all the functions within a data privacy program, the ability to assess the maturity of a data privacy program, perform gap assessments against data privacy frameworks and how to provide strategic recommendations and direction to senior leadership.
• Strong written and oral communication skills, which includes articulating thoughts and distilling complex problems into digestible information to be consumed by anyone from technical resources to the highest level of management; proven experience communicating clearly to technical levels up through C-Level and Board level.
• At least one active industry-recognized IAPP Certifications including CIPP/US, CIPP/E, CIPT, or CIPM.
• Strong written communication skills to aid in the creation of customer deliverables.
• Remain current on privacy laws, regulations, trends, and developments, and incorporate them into service delivery.
• Strong ability to work independently and multi-task on multiple projects simultaneously.
• Personal drive and passion for growing themselves and the Data Privacy Practice.
• Ability to simplify complex issues and provide pragmatic advice and practical solutions that can be operationalized.
• Team mindset, with ability to build strong relationships, and work collaboratively within a growing team and cross-functionally with members at all levels of the organization.
• Learning and growth mindset to keep up with emerging trends.
• Experience preparing reports and other deliverables that contain strategy, project, or technical analysis and findings in connection with consulting engagements and communicating those results to the team and client.
• Experience in project management and the ability to clearly communicate data privacy issues verbally on both a formal and informal basis to all levels of client staff.
• Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
• Team mindset, with ability to build strong relationships, and work collaboratively within a growing team and cross-functionally with members at all levels of the organization.

Preferred Experience and Position Requirements:

• Juris Doctorate degree from an accredited US school along with recent relevant Privacy Law experience.
• Demonstrated experience with assessing, developing, and implementing data governance and protection programs, including conducting data discovery of data flows and inventories, and evaluating the security and privacy controls that protect an organization’s sensitive data.
• Publish content and/or perform conference speaking to demonstrate thought leadership
• Conference and webinar speaking experience. 
• Expert knowledge of US and EU privacy laws.
• Experience implementing and/or developing programs leveraging OneTrust or other prominent privacy platforms.
• Solid understanding of the role of Artificial Intelligence (AI) and automated decision-making technology as it relates to Personal Information (PI).