The EU Data Privacy Officer, reporting directly to the CIO in the Zeta Office of the CIO (OCIO), has the primary responsibility for setting the overall direction, policies, standards, and guidelines for the OCIO’s technology environment including lifecycle and asset management and technology governance. This position is directly responsible for maintaining the security and integrity of all electronic assets at Zeta, and is responsible for setting the security policies for Zeta’s Information Technology. The EU Data Privacy Officer is responsible for driving the implementation of technologies, processes, and methods to measure and monitor compliance, and serves as the subject matter expert on security risks and mitigation alternatives.
ESSENTIAL JOB FUNCTIONS AND BASIC DUTIES:
Develop a holistic security architecture which identifies potential threats and provides a framework for building resilience to effectively safeguard Zeta’s electronic assets.
Responsible for designing, engineering and administering the full range of IT security systems including designing, approving, reviewing and auditing information and physical security solutions.
Proactively protect the integrity, confidentiality, and availability of information technology resources.
Ensure systems and procedures comply with federal, state, local, and Payment Card Industry (PCI) regulations.
Perform security risk assessments by analyzing computing environments to determine vulnerabilities and recommending safeguards to mitigate risk.
Perform compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures.
Respond in a timely manner to loss, breach, or misuse of information technology assets.
Work with infrastructure operations and other groups to manage connection security for LAN, WAN, web sites, and email communications.
Plan, design, and implement security systems and software, including firewalls, VPNs, intrusion detection / prevention systems, cryptographic systems, biometrics, anti-malware, vulnerability management, and patch management software.
Design and implement disaster recovery plans.
Conduct research on emerging products, services, protocols, and standards.
Serve as the IT Information Security subject matter expert (SME) on legal compliance, industry compliance, and internal audit issues.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required.
EDUCATION AND EXPERIENCE:
Bachelor’s degree in Information Technology, Computer Science or related field, plus eight (8) years of experience in Technology and/or Information Systems management, including IT security, or an equivalent combination of education and experience. Five (5) years of project/program management experience, business analysis, and strategic planning skills is preferred. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) credentials are required.
Extensive IT security industry experience, including design and implementation experience related to privacy, data classification, records management, data flow analysis, electronic discovery, and information lifecycle management is strongly preferred.
Demonstrated knowledge in security management and strategies; capable of assessing the current security environment and able to bridge any obvious gaps that exist.
Knowledge of TCP / IP and other network protocols, including their vulnerabilities and solutions. Knowledge of current transport technologies (routers, switches, protocols and other technologies) for a large WAN / LAN.
Advanced knowledge of current project management principles, processes, methodologies and tools for information technology projects.
Expert knowledge of compliance auditing and evaluation.
Working technical knowledge of current systems software, operating systems, and PC protocols and standards.
Excellent written and verbal communications skills. The ability to express complex technical concepts effectively in a business-oriented fashion to non-technical audiences, as well as the ability to communicate effectively with technical audiences, is critical.
Demonstrated ability to apply analytical and problem solving skills to information security and privacy issues.
Must have the ability to build high performing teams and leverage relationships across the organization.
Must be comfortable in a dynamic, fast-paced environment.
Demonstrated ability to maintain confidentiality with extremely sensitive situations and information.
Business Acumen - Knows how businesses work; knowledgeable in current and possible future policies, practices, trends, and information affecting his/her business and organization; knows the competition; is aware of how strategies and tactics work in the marketplace.
Customer Focus - Is dedicated to meeting expectations and requirements of both internal and external customers; acts with customer in mind; gets first-hand customer information and uses it for improvements in products and services; establishes and maintains effective relationships with customers and gains their trust and respect.
Dealing with Ambiguity - Can effectively cope with change; can shift gears comfortably; can decide and act without having the total picture; isn’t upset when things are up in the air; doesn’t have to finish things before moving on; can comfortably handle risk and uncertainty.
Delegation - Clearly and comfortably delegates both routine and important tasks and decisions; broadly shares both responsibility and accountability; tends to trust people to perform; lets direct reports finish their own work.
Directing Others - Is good at establishing clear directions; sets stretching objectives; distributes the workload appropriately; lays out work in a well-planned and organized manner; maintains two-way dialogue with others on work and results; brings out the best in people; is a clear communicator.
Integrity and Trust - Is widely trusted; is seen as a direct, truthful individual; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn’t misrepresent him/herself for personal gain.
Motivating Others - Creates a climate in which people want to do their best; can motivate many kinds of direct reports and team or project members; can assess each person’s hot button and use it to get the best out of him/her; pushes tasks and decisions down; empowers others; invites input from each person and shares ownership and visibility; makes each individual feel his/her work is important; is someone people like working for and with.
Planning - Accurately scopes out length and difficulty of tasks and projects; sets objectives and goals; breaks down work into the process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.
Priority Setting - Spends his/her time and the time of others on what’s important; quickly zeroes in on the critical few and puts the trivial many aside; can quickly sense what will help or hinder accomplishing a goal; eliminates roadblocks; creates focus.
Problem Solving - Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn’t stop at the first answers.
Process Management - Good at figuring out the processes necessary to get things done; knows how to organize people and activities; understands how to separate and combine tasks into efficient work flow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can’t; can simplify complex processes; gets more out of fewer resources.
Time Management - Uses his/her time effectively and efficiently; values time; concentrates his/her efforts on the more important priorities; gets more done in less time than others; can attend to a broader range of activities.