EY - Consultant - Data Privacy & Information Governance

Consultant Data Privacy & Information Governance, Mumbai

- Whether facing acts of fraud, government investigations or regulatory inquiries, major litigation or transactional disputes, clients turn to EY Forensics for assistance.

- Our forensic accountants and technologists, certified fraud examiners, anti-corruption and anti-money laundering specialists work with our clients- legal counsel, internal audit and compliance departments investigating complex issues and developing practical solutions that address operational challenges.

- We apply the collective knowledge and insight gleaned from working across industries and geographies to help our clients conduct fraud risk assessments and institute proactive anti-corruption programs. Furthermore, we utilize forensic data analytics that enable corporations to manage risk and regulatory compliance.

- With the boom in the amount of information that is all around us, emanating from various sources such as our smart phones, IoT devices to name a few, there is a new sense that is coming into realization to all of us now, one that of boundaries!!.

- In Europe with the enforcement of the General Data Protection Regulation (GDPR) adopted by the Council of the European Union and the European Parliament in April 2016 and the data protection bill coming soon in India the need for privacy professionals is growing at a fast pace.

The opportunity :

- Our Forensic Technology Consulting Services are meant to help organizations with such new data privacy regulations. This could be done in a systematic way by ensuring certain frameworks and compliance models to govern the handling of personal data, the businesses possibly handles, are followed.

- As a part of this team of information governance and data privacy and protection professionals.

Your key responsibilities would be :

- Understanding existing privacy gaps at our clients business which they may need to focus on

- Tailor-make and implement privacy programs to help client with their business

- Help in conducting Privacy Impact Assessments for the clients

- Help the clients be prepared to deal with the new data privacy regulations such as GDPR, India Personal Data Protection Bill etc.

- Help implement policies and procedures to help client protect their data (eg. PII, personal sensitive data etc)

- Creating an incident response and forensic plan to tackle with data breaches that could make clients susceptible to privacy regulation penalties

- Wherever needed render services on behalf of clients to help them with privacy regulations

- From an information governance perspective, help clients identify and classify their information using various frameworks. Helping them creating data maps and giving them advice on the redundancy of data within their organizations.

- From a records and information management perspective, having sound knowledge of various frameworks such as such as ARMA (GARP), ISO 15489 etc

- Define technical and business requirements for data privacy and information governance solutions.

- Define information security processes and policies which secure and enable the business.

- Enforce business, privacy and security policies.

- Implement data privacy, information governance, IT and information security related technology products.

- Perform basic supervisory duties to mentor and coach junior staff. Develop people through effectively delegating tasks and providing guidance to staff. 

- Assign and review the work of more junior employees and assist in the preparation of the final work products in order to confirm the work is performed with the highest quality standards.

- Provide performance feedback and training, and conduct performance reviews. Foster an efficient, innovative, and team-oriented work environment.

- Forensically analyze end user systems and servers found to have possible indicators of a data breach from a data privacy regulation perspective.

- Analysis of artifacts collected during a security incident/forensic analysis

- Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions

- Regularly provide reporting and metrics on case work

- Complete the draft and final reports and any other deliverables as specified in planning documentation. Ensure project documentation is complete and archived appropriately.

- Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation. Work with the team to document the business processes dependent on IT. 

- Ensure high- quality client service by directing daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance.

- Ability to travel at least 75% of time.

- Good written and verbal communications skills

Capability and experience :

- Depending on your experience and skillset levels, your role in a given privacy engagement would be decided and you will be accordingly placed within the team of our data privacy professionals.

- You may be involved in business development area to identify potential opportunities to grow the business further.

- Great working knowledge of data protection and privacy laws and regulations (e.g. EU GDPR, etc.) and industry standards and frameworks, such as GAPP and BCR.

- Certifications such as CIPM, CIPT, CIPP/E, CISM, CISSP, and/or HCISSP, as well as involvement in industry related organizations (e.g. IAPP, ISACA, (ISC) ) are added advantages

- Experience in developing, implementing or architecting data privacy and information governance based policies, frameworks.

- Able to efficiently understand client organizations and their business model and to tailor-make relevant processes to data privacy requirements

- Communicate with different stakeholders (e.g. business, legal, IT, security) about data protection and data privacy related matters

- Strong understanding of information security regulatory requirements and compliance issues

- Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance

- Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (Python, C, Java, Perl, Shell)

- Experience in Cyber Strategy & Programme Assessment, Attack & Penetration Testing / Ethical Hacking, Threat Intelligence, Security Monitoring, Cyber Incident Response

Qualification : 

- Bachelors (BE) / Master's Degree (M.Sc OR M.E/M.TECH OR MBA) in IT, Computer Science, Information Systems, Engineering or a related field

To qualify for the role you must have :

- 3+ years of post- qualification experience in Data Privacy, Information Governance, Compliance and Incident response. 

- Experience with large consulting firms / or large Corporate Internal would be an added advantage