See job description for details
Spike Reply is
the cybersecurity company, specialized in
SECURITY ADVISORY,
SYSTEM INTEGRATION and
OPERATIONS, fully providing consultancy services and integrated solutions.
We support our customers to apply
pervasive security methodologies and tools on all the different stages of the
digital transformation path, while protecting the organizations from
cyber attacks through advanced and
innovative methods for identifying and analyzing risks, vulnerabilities and threats.
This approach allows the enterprises to
enhance their security posture while continuing to
operate in optimum conditions.
We are looking for an experienced Data Protection and Privacy Consultant (2 to 4 years of experience) that would like to join Spike on its innovative, challenging projects.
Specifically, the resource will be involved in the following activities:
- Design and review the privacy management framework (e.g. privacy policy, privacy processes, notices and consents)
- Complete and review impact assessments, third parties questionnaires, records of processing activities, subject access requests, and similar data privacy compliance documentation
- Assist with drafting privacy/data protection/security terms for third party agreements and, in case of extra EU data transfer, drafting of Standard Contractual Clauses (SCC) and Transfer Impact Assessment
- Manage privacy by design activities within wider projects, identifying, evaluating, and designing best in class solutions and strategies to support our Clients to mitigate risks and to be able to demonstrate full compliance with the privacy regulations (e.g. GDPR compliance, ISO 27701)
Professional skills and requirements Generally, the candidate must have a working knowledge of data protection and privacy processes, methodologies, standards and best practices. The ideal candidate will have the following requirements:
- At least 2 years of experience in privacy and data protection topics, e.g. developing, implementing and maintaining data privacy policies, procedures and infrastructure
- Deep knowledge of data protection and privacy regulation, standards and best practice, and proven experience in related application (i.e. GDPR, Provisions of the Italian Garante, EDPD guidelines, Cookies, etc.)
- Knowledge of cyber and information security regulation, standards and best practices
- Passion and curiosity for the cybersecurity industry and technology trends, innovations and frameworks with impact on data protection and privacy
- Bachelor degree in computer science, engineering or equivalent
- Solid knowledge of MS Office tools (MS Excel, MS PowerPoint, MS Word)
- Ability to work in large international contexts
- Team work attitude
- Native proficiency in Italian
- Professional proficiency in English, oral and written (at least B2 level).
Nice to have - Privacy professional certification (e.g. CIPP, CIPM, CIPT)
- Knowledge of general cyber and information security concepts and framework, such as Governance, Risk & Compliance
- Certifications on Information Security and IT Audit (e.g. ISO/IEC 27001 Lead Auditor, CISM, CISA, ITIL, etc.)
