Employment:
Full Time
Identify and implement data protection controls and technologies to ensure the protection of the Company information. The consultant is responsible for ensuring the protection of confidential information to authorized personnel by implementing cryptographic controls. He/she evaluates the current cryptographic algorithms and encryption systems and develops new algorithms if required.
Role:
• Assess the effectiveness of the current data protection controls
• Identify and implement mitigation controls / plans for the identified gaps
• Assess the practices regarding data collection and data sharing .
• Identify, design and implement data protection technologies such as DLP and DRM.
• Implement data classification tools and data discovery tools.
• Analyze and evaluate the data privacy incidents and report to the concerned team for response and remediation
• Ensure the Company compliance with the data protection laws and regulations. Provide recommendations to improve the data protection compliance.
• Create security systems / mechanisms that protect against any potential information disclosure or attacks.
• Implement security controls to ensure the protection of data from any modification or deletion due to unauthorized access.
• Implement new cryptographic algorithms.
• Analyze existing encryption systems and cryptographic algorithms to identify weaknesses and vulnerabilities.
• Suggest security solutions to eliminate the weaknesses.
• Manage, and monitor the implementation of the recommended improvements.
• Assist in solving any security issues that may emerge.
• Review and analyze all the security incidents to identify the need for cryptographic controls.
• Keep up to date with current research and trends for cryptography.
• Develop policies, procedures and processes related to privacy and data protection.
• Conduct a risk assessment to ensure that appropriate controls are in place to mitigate risk effectively.
• Identify and implement technical measures for data protection in line with relevant laws and regulations.
• Conduct Privacy Impact Assessments.
• Ensure that all third-party services are compliant with data privacy and security requirements.
• Liaise with the legal team to ensure the right contractual clauses are defined and embedded into all data processor contracts.
• Monitor compliance with GDPR or other applicable data protection laws.
• Identify and evaluate the Company data processing activities.
• Maintain the records of data processing activities.
• Stay updated about the changes in laws and provide recommendations to ensure data privacy compliance.
• Act as point of contact with legal and regulatory authorities, and internal teams.
• Develop training materials and conducts trainings for employees on best data privacy practices, privacy compliance and the consequences in case of non-compliance
Knowledge:
• Network components, their operation and appropriate network security controls and methods.
• Understanding of risk assessment, mitigation and management methods.
• Relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.
• Computer algorithms.
• Cybersecurity considerations for database systems.
• Installation, integration and optimization of system components.
• Human-computer interaction principles.
• IT security principles and methods.
• Network access, identity and access management.
• Operating systems.
• Network traffic protocols, methods and management.
• Telecommunications concepts relevant to role.
• Network security architecture concepts including topology, protocols, components, and principles.
• Network systems management principles, models, methods and tools.
• Systems security testing and evaluation methods.
• How threat intelligence sources collect intelligence.
• Network protocols and directory services.
• How to use network analysis tools to identify vulnerabilities.
• Intrusion detection and prevention system tools and applications.
• Network protocols and directory services
• Knowledge and understanding of new technologies and solutions from a cybersecurity perspective.
• Network components, their operation and appropriate network security controls and methods.
• Cybersecurity authentication, authorization and access control methods.
• Encryption algorithms, their relative strengths and weaknesses and appropriate selection criteria.
• Cryptography and cryptographic key management concepts.
• Cybersecurity assessment and authorization processes.
• Cybersecurity controls and privacy requirements for the management of risks relating to data.
• Low-level computer languages required for role.
• Mathematics required for role.
• Programming language structures and logic.
• Key security management concepts.
• National cybersecurity regulations and requirements relevant to the Company.
• Encryption methodologies.
• Industry standard security models and their effective application.
• Confidentiality, integrity and availability requirements.
• Knowledge of current and emerging data encryption security features in databases.
• Complex data structures.
• Implementing enterprise key escrow systems to support data-at-rest encryption.
• Confidentiality, integrity and availability principles.
• Asset availability, capabilities and limitations.
• NCA ECC Standard.
• NIST CSF Framework.
• The principles of cybersecurity and data privacy.
• Data classification standards and methodologies.
• Operational impact on an organization due to cybersecurity breaches.
• Relevant cybersecurity, ethics and privacy laws, regulations and standards.
• Conducting privacy impact assessments.
• Privacy enhancing technologies.
• Digital evidence seizes and preservation.
Qualifications:
• Bachelor’s degree in computer science, information technology, or any other related field.
• 7-15 years of experience in information security.
• A minimum of 5 years of Data Protection or Data Privacy.
• Experience conducting audits to ISO 27701, GDPR and HIPAA
• CISA, CISM, IAPP, CIPP, or equivalent certifications.
• ECES, CISSP, SANS Suite, or equal certifications
We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk.
Source: Job Posting - gulftalent.com