Senior Consultant - Data Privacy and Protection - Technology Risk - Risk Advisory
About Deloitte China
Our professionals at Deloitte China provide a full range of audit & assurance, consulting, financial advisory, risk management and tax services, and work closely within Greater China, across Asia-Pacific and around the world to provide clients of every size with local experience and international expertise. We have considerable experience in China and are one of the leading professional services providers in this marketplace.
The Deloitte purpose
is about making an impact that matters to our clients. Our extensive service spectrum enables us to help clients become leaders wherever they choose to compete. Deloitte is committed to investing in our people and empowers them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we.
To learn more about how Deloitte makes an impact that matters in the China marketplace, please connect with our Deloitte China social media platforms via www2.deloitte.com/cn/en/social-media. About Risk Advisory
Risk management covers many areas including security and privacy, reputation and control. Our professionals help clients across many industries flag, analyze, evaluate and manage strategic, technology, operational and fraud risks while discovering opportunities to create value. If you want to make an impact by helping clients to prevent and manage risk-related issues while creating significant value to their businesses this may be your chance to start a remarkable career.
Technology Risk team helps our clients to improve business confidence, manage and address technology risks, and to ensure that early warning mechanisms are in place through providing comprehensive technology risk consulting services to a broad range of businesses.
Our team in Hong Kong is rapidly growing. Due to client demand, we are looking for talents to join our high performing team. At Deloitte we view technology risk as primarily a business challenge. It take not only advanced technologies to mitigate technology risk, but also strong threat awareness, sound analytics capabilities, and solid preparedness to mount an effective response to crises; on the other hand, dependable governance processes are required to support strong leadership keeping organizations focused on what really matters.
In view of this, we deliver to our clients the full range of capabilities needed to build comprehensive technology risk programs, catering to all levels, from C-suite to technology operations. This broad reach enables us to offer the most informed, innovative advisory services. By joining us, you can be part of the forces developing next-gen technology risk solutions. Work you'll do:
You are also expected to:
- Conduct assessment and benchmarking with industry best practices pertaining to data privacy and protection, information security and cyber security
- Identify and assess risks in the areas of People, Process and Technology, using recognised sources of privacy and data protection frameworks
- Perform business / privacy impact assessments
- Advise on and establish governance framework for our clients including strategies, organisations, policies, processes, standards and guidelines, etc. around data privacy and protection, and information security
- Advise and support our global clients in privacy by design and technology, cyber security projects
- Advise on and implement performance management and assessment frameworks for privacy compliance
- Develop and manage relationships with security stakeholders within our clients
- Meet with clients to understand their needs and produce proposals to address them
- Contribute to our research and thought leadership to improve the eminence of our data privacy and protection practice
- Collaborate with third party vendors to leverage their tools and solutions implementation for our clients
- Show interest in the subject matter and able to perform research / understand data privacy and protection requirements for various jurisdictions
- Identifies and embraces our purpose and values and puts these into practice in their professional life
- Develops self by actively seeking opportunities for growth, shares knowledge and experiences with others, and acts as a strong brand ambassador
- Seeks opportunities to challenge self; teams with others across businesses and borders to deliver and takes accountability for own and team results
- Builds relationships and communicates effectively in order to positively influence peers and other stakeholders
- Understands objectives for clients and Deloitte, aligns own work to objectives and sets personal priorities
- University degree majoring in accounting, business administration, information systems, computer science, engineering, statistics, accounting, and / or business administration or related areas
- At least 3 years' experience preferably from consulting firms/large enterprises' project teams
- Strong knowledge of the Hong Kong privacy regime. Knowledge of China privacy regime, and APAC and international privacy regulations (e.g. General Data Protection Regulation) would be an advantage
- Knowledge of current privacy and cyber issues, cyber and privacy security frameworks, privacy engineering technologies, emerging trends, and best practices related to data privacy
- Experience of implementing privacy and information security programs including, privacy risk assessment, personal data inventory, data flow mapping and analysis, privacy access rules and strategy development such as policies and procedures, business process controls, system / technology understanding, incident response plans, monitoring, reporting of breach and escalation, and privacy training and awareness programs
- Professional qualification holder will be an advantage: CIPP, CIPT, CIPM, CISA, ISO27K, PMP, etc.
- Strong consultation and communication skills with highly proficiency in both spoken and written English and Chinese (Cantonese); Mandarin would be an advantage
Deloitte China refers to Deloitte Touche Tohmatsu in Hong Kong, Deloitte Touche Tohmatsu in Macau, Deloitte Touche Tohmatsu Certified Public Accountants LLP in the Chinese Mainland and their respective affiliates practising in Hong Kong, Macau and the Chinese Mainland.
Requisition code: CN174705