Associate/Senior Associate - Cyber Data Privacy and Protection
Deloitte
- Jakarta
- Permanent
- Full-time
- Enable clients to understand the impact of privacy laws, regulations, and standards/trends across their organization and develop strategies to enhance their privacy program maturity.
- Assist in the development of privacy program governance components (e.g., policies, procedures, standards, frameworks, training, notices) for complex global clients across industries.
- Assist clients with understanding how privacy technologies can serve as an enabler for privacy program operations and assist with the deployment of leading privacy technologies.
- Assist clients in designing, deploying, and managing technology and process solutions to reduce the potential for data compromise.
- Assist clients with developing technical requirements, evaluating vendor solutions, developing architecture & design, and testing of data protection and data security solutions
- Advise clients in understanding the future state problems and challenges in cyber security and work collaboratively with them to enhance capabilities
- Coordinate with diverse groups of client stakeholders to meet their unique needs in fast-paced environments
- Understanding of the entire ecosystem of data protection including well-rounded understanding of the information security domains and their inter-relations across that ecosystem.
- Support the privacy practice in market expansion and revenue growth YoY
- Demonstrate a strong commitment to personal learning and development.
- Understand how our daily work contributes to the priorities of the team and business.
- Understand the set expectations and demonstrate accountability in keeping personal performance on track.
- Actively focus on developing effective communications and relationship-building skills with stakeholders, clients and team.
- Demonstrate an appreciation for working with others.
- Understand what is fundamental to Deloitte's success as a business.
- Demonstrate integrity and an awareness of strengths, differences, and personal impact.
- Develop their understanding of Deloitte and offer a fresh perspective.
- 2 + years of experience in assessing, designing, building, and implementing privacy programs (for senior associates)
- 2+ years demonstrated ability to translate business, risk and regulatory requirements into data protection solutions and to effectively communicate those solutions to business leaders and executives (for senior associates)
- Strong knowledge and awareness of domestic and global privacy laws, regulations, and standards such as the UU ITE, PP71/2019, Perkominfo No 20/2016, GDPR, ISO 27701, NIST Privacy Framework
- Experience in facilitating privacy stakeholder interviews and working sessions
- Demonstrated ability to build stakeholder relationships and excellent communication skills
- Excellent communication skills and fluency in written and spoken English
- Demonstrated experience in designing and implementing technology and process solutions to reduce the potential risk of data compromise
- Certifications in one or more of the following: CIPP, CIPM, CIPT, FIP, CDPSE, CISM, CISSP
- Experience with Privacy Management technology, e.g., OneTrust, Security, BigID, TrustArc, etc.
- 2 + years of experience in developing, implementing, and/or operating one or more of the privacy program components such as:
- Organization and operating model
- Privacy requirements and control frameworks
- Privacy metrics and reporting procedures
- Record of processing activities/data inventory
- Privacy policies, notices, contracts and clauses
- Individual / data subject rights
- Consent, preference, and cookies management
- Third-party privacy risk management
- Cross-border data transfer mechanisms (e.g., binding corporate rules, model contracts)
- Privacy by design/default and data privacy impact assessments
- Privacy training and awareness
- Privacy incident response
- Hands-on experience working with a few of the following data protection technologies:
- Data Loss Prevention (DLP) technology (e.g. Symantec DLP, Forcepoint DLP, McAfee DLP, CoSoSys, Digital Guardian)
- Endpoint Protection and Endpoint Detection and Response technology (e.g. Crowdstrike Falcon, Cylance Protect/Optics, Microsoft Defender, VMware Carbonblack etc.)
- Cloud Access Security Broker (CASB) technology (e.g Netscope CASB,Forcepoint CASB, McAfee CASB, Microsoft MCAS etc)
- Secure Web Gateways and DNS Security technology (e.g. Zscaler Internet Access, Broadcom Web Security, Netskope Secure Web Gateway, Cisco Umbrella OpenDNS etc.)
- Data Discovery, Retention and Destruction technologies (e.g. Symantec Network Discovery, Veritas Data Insight, Varonis Suite etc)
- Data Classification and Rights Management technology (e.g. Microsoft Azure Information Protection, Boldonjames Data Classification, Titus Classification Suite etc)
- Key and Certificate Lifecycle Management technology (e.g Venafi Trust Protection, Vormetric Key Management etc.)
- Public Key Infrastructure technologies (e.g. Digicert, Entrust, Verisign, RSA Security etc)
- Data Access Governance technology (e.g. Varonis, BigID, Optiv, Netwrix, etc.)
- Database Encryption technologies (e.g. CipherTrust, Vormetric Transparent Encryption, IBM Guardium, Fortanix etc)
- Familiarity with consumer identity and access management concepts and solutions such as ForgeRock, SAP CDC, Okta, certification a plus
- Familiarity with cloud technologies such as AWS, MS Azure, and GCP; certification a plus
- Strong awareness of ongoing and recent developments across the privacy landscape