Manager - Cyber Security, Privacy and Data Protection

We are looking for a talented Privacy Manager to join our San Francisco office. We need someone who is comfortable with complex, multi-work-stream projects and with managing teams of two or more to deliver quality work products on time and within budget; who can develop creative solutions to complex problems and manage their execution; and who can manage multiple, often competing deadlines and client needs.

This position requires an advanced degree and/or significant experience in the privacy and data risk management consulting field. You will interact with clients on a day-to-day basis and take the lead role in managing the client relationship and the engagement delivery team. You will be required to lead projects with multiple work streams and priorities, oversee a team to deliver quality work products, and assist clients in identifying risks and developing strategic solutions for managing them. Additionally, it is expected that you will work closely with the internal team to build and implement pragmatic and integrated solutions to privacy and data risk issues.

Requirements:

Possess a broad range of consultative risk management skills in evaluating and identifying privacy legal and regulatory requirements and operational controls across a variety of industries to manage and mitigate privacy and data protection risk, specifically:

  • Understanding the strategic project objectives and tactical tasks and activities to be completed to achieve project goals

  • Identifying privacy and data protection risks, requirements and controls

  • Assisting clients with designing and implementing privacy and data governance programs, requirements, processes and controls

  • Overseeing projects and teams to ensure that work products are delivered according to the project plan milestones and budget

  • Performing quality reviews for all client deliverables developed by the project team, course-correcting where needed

Core competencies should include the planning, execution, and delivery of engagements across the broad disciplines of requirements identification, conducting risk assessments, policy, standards, and procedures development, Privacy by Design (PbD) evaluation, cloud and shared control environment assessments, operating model design, and metrics and reporting dashboards.

You should be familiar with laws, regulations, and industry standards such as the California Consumer Protection Act (CCPA), General Data Protection Regulation (GDPR), PCI DSS (Payment Card Industry Data Security Standard), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards & Technology (NIST) SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.

Prior Big 4 or external consulting experience is strongly preferred, along with excellent verbal and written communication skills.

Experience with Microsoft Office Suite, including Visio, with emphasis on PowerPoint to storyboard client engagements and Excel for analysis.

 Relevant certifications:

CIPP, CISA

 Prior Experience:

5-7 years

 Travel required, 30-40% (max)