IT Risk - Data Privacy Manager

  • Negotiable
  • Manhattan, NY, USA
  • Permanent, Full time
  • Michael Page International - US
  • 24 Sep 16

The Information Risk Management team is responsible globally for ensuring all key security risks pertaining to business delivery are managed and reported to executive management. The team is business facing (2nd Line) and engages on a frequent basis with business and technology leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the company and various regulators and auditors in response to security risk and control requests.

Through acquisitions and organic growth, this Financial Services firm has since grown to become a multinational property and casualty insurer specializing in coverage for small to mid-sized businesses.


  • Lead the firm's commitment to preserve the confidentiality, integrity and availability of all physical and electronic information assets
  • Proactively work with the business analysts, developers and database administrators to inventory the data that requires additional controls to ensure proper data security
  • Help implement a risk-based data security and classification program based on the Company's policy and procedures
  • Ensure the policy and procedures continuously address the relevant legislation, regulations, standards or technical guidance
  • Advise the development teams on data security requirements and make recommendations to strengthen controls as required within the development process
  • Perform a risk assessment of confidential data, report gaps in data security to senior management and the Board of Directors and recommend actionable solutions to bring the controls into compliance with Company policies
  • Monitor the implementation of data security solutions to ensure data is continuously protected
  • Assist in the compilation of data for the requests from external auditors and examiners
  • Keep abreast of the latest regulatory changes and implement changes to our program as needed
  • Provide training to all levels of staff within the organization on data and security requirements


  • Bachelor's degree in computer science or a related discipline
  • 10-12 years of experience in IT audit, information security or a related technology field required
  • 3-5 years of risk management, security strategy assessment and design, and data security and privacy
  • Working knowledge of various related security frameworks and regulations such as COBIT, NIST, ISO, PCI, global data privacy laws and regulations
  • Demonstrate hands-on expertise in large scale security programs for data security, confidentiality and availability
  • Ability to articulate complex/technical security terms, verbally and in writing, to non-technical audiences
  • Ability to work on multiple tasks with competing priorities in a rapidly growing, fast-paced environment
  • Strong conceptual, analytical and organizational abilities

Job Offer

Competitive base + bonus