This role requires expertise in technology audits, data security, cloud environments, process controls, regulatory compliance, and metrics evaluation. The consultant will support documentation efforts, address compliance gaps, and ensure that DLP controls and processes meet standards such as NIST, ISO 27001, and FFIEC. Additionally, the consultant will evaluate current metrics, identify any gaps, and develop a plan to enhance performance indicators and reporting.
Key Responsibilities:
Assist with developing program documentation required to demonstrate DLP and Encryption regulatory compliance, ensuring alignment with internal standards and regulatory expectations.
Identify and address documentation gaps, ensuring all processes, controls, and metrics support compliance.
Maintain organized records for DLP-related processes across on-premises and cloud environments (AWS, Azure).
2. Audit, Data Security, and Compliance Mapping
Utilize audit expertise to map DLP controls to relevant laws, regulations, and standards, building a comprehensive compliance framework.
Apply data security knowledge, especially within cloud environments, to ensure DLP controls meet regulatory requirements for cloud data protection.
Identify gaps within the current metrics framework, developing a plan to enhance and optimize performance indicators.
Collaborate with teams to implement new metrics, ensuring they align with regulatory standards such as FFIEC, NIST, and ISO 27001.
Leverage Excel and advanced analytics to analyze data, assess trends, and create insightful reporting tools.
Align control objectives with current policies and industry standards, ensuring consistency across all technology controls. Ensure control objectives are measurable and can effectively demonstrate compliance during regulatory reviews.
Create detailed program documentation and visually engaging presentation materials outlining DLP program objectives, control effectiveness, and compliance status, which will provide an overview of the program and the associated controls.
Prepare executive summaries and strategic overviews to communicate DLP risk trends, program strengths, and 2026 priorities.
Tailor documentation and presentations for technical and non-technical stakeholders, ensuring clear and concise messaging.
Required Experience
7+ years of Information Security Governance, Risk and/or Compliance, Information Technology or Business Analysis
5-7 years of experience interacting with auditors and regulators or experience working in an auditing or risk management capacity or within a consulting firm
Deep understanding of Data Loss Prevention and Encryption.
Strong understanding of security principles, protocols, and technologies, with expertise in areas like network security, DLP, and encryption.
Experience with managing regulatory, compliance, risk, and governance processes or functions
Familiarity with common Information Security and data protection frameworks and standards (e.g. CIS, NIST, HIPAA, GDPR, PCI DSS, ISO 27001).
Excellent verbal and written communication skills with ability to distill key data points and effectively present information.
Proven experience creating executive-level presentations and reports that convey complex information effectively.
Strong proficiency with Excel for developing and refining metrics and reporting.
Certifications:
CISA, CISSP, AWS Certified Security, or Azure Security Engineer certifications are a plus.
Preferred Skills: Experience in financial institutions or consulting with a focus on data protection and regulatory compliance. Prior experience preparing for regulatory examinations is a plus.