Manager, Privacy & Third-Party Risk Management

December 20, 2022
About the Role

The Information Technology Group (ITG) is a collection of people, processes and technology investments that are designed to achieve the business goals of FTI Consulting. The Manager, Privacy & Third-Party Risk Management in the Corporate Information Technology Group - Global Cybersecurity and Privacy (GCP) is responsible for managing the Information Privacy and Third-Party Risk Management Program, serving as the primary point of contact for security assessments involving internal and external clients, as well as outside vendors. The Manager, Privacy & Third-Party Risk Management will also be responsible for the day-to-day operations management of the Data Privacy Program compliance, helping ensure alignment and compliance with internal policies and applicable Privacy regulations.

What You'll Do
  • Manage the overall capabilities and operating framework of the Third-Party Risk Management Program (structure, people, and project delivery processes), articulating the service delivery process, and managing the measurement metrics.
  • Identify process optimization opportunities and assist in developing and following through on corrective action plans
  • Coordinate and perform a full cycle of the third-party security risk management activities, including risk identification, assessment, mitigation, monitoring and reporting
  • Coordinate and conduct Vendor Risk assessments, review documentation provided (including independent assessments, certifications, pen-test, etc.) and issue reports
  • Execute the Data Privacy compliance program by working with data owners to ensure that applicable internal privacy controls are followed. Coordinate DPIA and PIA processes, analysis, and reporting
  • Support inquiries into the cybersecurity program and its operations. Respond to client questionnaires and support client engagements.
  • Understand and keep abreast of emerging technologies and how they affect the business.
  • Take on responsibilities as a backup or alternate for other GCP staff as assigned. Assist with internal risk and compliance initiatives.
  • Periodic travel (limited) as necessary (possibly with short notice)

How You'll Grow

ITG uses an "IT Service Portfolio" approach to align with business priorities, and to articulate and communicate the diversification of IT investments for the business. FTI Consulting leverages the Information Technology Group (ITG) to accomplish the following goals: Improve Practitioner Productivity and grow the business with IT, Reduce Risks with IT in the business, and Manage a balanced set of IT investments that meet business objectives. We encourage our employees to become "Super Users" of all our services, take advantage of multiple opportunities to work with colleagues on the wide array of cross-functional to inter-department projects, and self-improve through professional development.
  • Through working at the highest level of the organization and providing expert advice and counsel to Senior Information Technology Leadership, IT Project teams, and Users, it is expected that the responsibilities and span of functional responsibilities will increase over time

Basic Qualifications
  • 5 years' experience in IT audit/Security Assessment/Certification with at least 2 years of managing/supervising a full cycle of control assessments
  • Understanding of third-party risk management techniques, security IT control evaluation, and security control management lifecycle
  • 4-year degree (BS/BA)
  • Professional designations preferred: CISSP, CRISC, CISA, CTPRP; others: PMP, CDPSE, Security+, CISM, CIA, HCISPP a plus.
  • Ability to travel, if requested.
  • COVID Vaccine required*

*Individuals seeking an exemption from this requirement for medical or religious reasons should complete a request for accommodation form and submit the form to recruitingsupport@fticonsulting.com.

Preferred Skills
  • Proven experience in Information Security Third-Party Risk Management and/or compliance
  • Prior experience assessing SOC and SIG reports is preferred
  • Prior project management experience is preferred
  • Strong understanding of information security principles, architecture, and methodologies (including control design and risk assessment)
  • Solid understanding of IT audit and security control evaluation methodologies
  • Solid understanding and experience with security risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring and reporting
  • Understanding of COBIT, ISO27000, NIST CSF, and/or HITRUST frameworks
  • Excellent written and verbal communication skills
  • Highly Organized and Self-Motivated, with Strong attention to detail
  • Highly Adaptable to changing priorities (high flexibility)
  • Possesses and evidences comprehensive knowledge of all information systems technology disciplines, with a high level of technical/functional expertise and experience.
  • Must have a solid understanding of information technology, information security and IT risk management
  • Industry expertise in Information Security and Data Privacy best practices, standards, and technology.
  • Experience in developing IT policies and procedures.
  • Bachelor's Degree in Business, Management Information Systems, or related field preferred; graduate degree a plus.

Level Requirements
  • Ability to independently create, execute, track and manage a project
  • Ability to manage the work efforts of others, create and develop work plans, and deliver solutions
  • Ability to create, manage and report on budgets and budget-actual progress.
  • Ability to, using templates, develop technical solutions, document the solution, and plan/execute the solution
  • (Ability to interface directly with clients with a high degree of professionalism and maturity)
  • (Able to identify and document a project from beginning to end. Create workplan for both direct and non-direct reports.)

Our Benefits

Apart from the well-structured career path and excellent team environment, our employees enjoy a variety of perks and benefits. Our benefits include, but are not limited to:

  • Competitive salary and bonus plans
  • Generous paid holidays, time off and parental leave
  • Full package of benefits plans
  • Company matched 401K
  • Annual paid volunteer hours
  • Corporate matching for charitable donations
  • Potential for flexible working arrangements
  • Free snacks and drinks
  • Upscale offices close to public transportation
  • Pet insurance

About FTI Consulting

What makes us unique? With more than 6,250 employees located in offices in every corner of the globe, we are the firm our clients call when their most important issues are at stake. Regardless of what level you are, you will have the opportunity to work alongside and learn from top experts in your field on high-profile engagements that impact history. Our culture is collaborative, and we value diversity, recognition, development and making a difference in our communities.

FTI Consulting is publicly traded on the New York Stock Exchange and has been recognized as a Best Firm to Work For by Consulting magazine and one of America's Best Management Consulting Firms by Forbes. For more information, visit www.fticonsulting.com and connect with us on Twitter (@FTIConsulting), Facebook and LinkedIn.

FTI Consulting is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, ancestry, citizenship status, protected veteran status, religion, physical or mental disability, marital status, sex, sexual orientation, gender identity or expression, age, or any other basis protected by law, ordinance, or regulation.
