Data Protection Governance and Risk Manager, ICF, Fairfax, VA

Key Responsibilities:

  • Develop Data Protection and related governance models, methodologies and best practices for existing and new project, proposal, contract, product, approval, and technology initiatives.
  • Assess Data Protection capabilities and proactively interact with various business and IT teams to gather information and requirements, resolve problems and make recommendations for improvements.
  • Support Data Protection program planning, policies and procedures development, data classification, risk assessments, and implementation of programs and solutions.
  • Conduct data privacy and data security risk and/or gap assessments and internal privacy audits, review privacy practices, and prepare reports and other deliverables that contain strategy, project, or technical analysis and findings in connection with engagements and communicate those results to stakeholders.
  • Conduct quarterly deep dive assessments against the riskiest controls and track remediation plans to closure.
  • Identify and maintain a register of business processes and IT systems where personal data is processed.
  • Ensure appropriate related risk-based control systems are in place.
  • Assist with advising business as well as IT teams regarding Data Protection and E-Privacy issues and requirements.
  • Ensure employees are fully informed of their respective Data Protection and E-Privacy responsibilities for complying with such laws.
  • Ensure data subjects, including employees, are informed of their related rights.
  • Manage Data Protection, E-Privacy, and related communications.
  • Define and validate business and technical compliance requirements for regulatory requirements regarding Data Protection controls.
  • Monitor compliance with applicable Data Protection requirements.
  • Assess and establish Data Protection controls and standards on client engagements to reduce risk to ICF, our clients and our clients' clients.
  • Help client-facing business teams identify and evaluate Data Protection gaps, and create appropriate remediation action plans to minimize Data Protection risk.
  • Partner with business and IT teams to build project-specific Data Protection and E-Privacy standards and guidelines.
  • Assess, and apprise stakeholders regarding, client Data Protection controls and activities being performed across all client engagements.
  • Assess and apprise stakeholders regarding vendor Data Protection controls and activities.
  • Help business teams and other stakeholders enhance their Data Protection risk management skills.
  • Oversee and continuously improve data subject rights compliance programs, and ensure prompt and professional responses to data subject requests.
  • Support data hygiene operations, and review and analyze Data Protection events and alerts.
  • Establish and maintain measures to ensure Data Protection incidents, data breaches, and risk events are properly reported, logged, escalated and appropriately handled.
  • Coordinate incident response with Information Security Office, Risk Management, Office of General Counsel and other stakeholders.
  • Measure and report Data Protection metrics within the Office of General Counsel and to the Information Security Office and other business stakeholders to reduce compliance risks.
  • Manage the introduction of, and transition to, new Data Protection and E-Privacy requirements as they arise.
  • Stay current on Data Protection and E-Privacy industry trends, new threats, attack techniques, mitigation techniques, and emerging Data Protection technologies; keep abreast of the latest Data Protection standards, laws, and regulations to ensure compliance with internal data protection policies.


Essential Skills/Experience:

  • Bachelor's or Master’s degree in Computer Science, Information Security and Information Privacy, Information Management, Organizational Management, law or equivalent education with 8+ years related experience.
  • Has obtained, or demonstrates active pursuit of, three or more of the following certifications: CIPP/US/E/C, Governance Risk Compliance (GRC); Project Management Professional (PMP); Business Relationship Management Professional (BRMP); Lean Six Sigma; ISO 27001 Lead Auditor.
  • Technology generalist with substantive knowledge and experience advising on global Data Protection and E-Privacy standards/regulations at least in the following areas: U.S. privacy laws, U.S. data breach laws, Privacy Shield, NIST 800 series, FISMA, GDPR, PIPA, PIPEDA, HIPAA/HITECH, COPPA, FCRA, GLBA, CASL, CAN-SPAM, E-Privacy Directive, etc., especially as it relates to building a program and/or managing corporate-wide Data Protection policies, procedures, internal controls, risk assessments, business process and internal IT control testing or operational auditing.
  • Demonstrated experience in the design, support and implementation of holistic and targeted solutions required to meet the requirements of Data Protection best practice, ethical operations, and regulation.
  • Proven experience partnering with cross-functional teams on Data Protection and E-Privacy requests, as well as with vendors, consultants and multiple global counterparts, to launch projects and keep them on track.
  • Support vendor management program, including audit and contract drafting and negotiations regarding Data Protection matters.
  • Experience in information systems auditing, attestation audits and the assessment and mitigation of risk.
  • Production and delivery of Data Protection training and awareness sessions.
  • Knowledge of current Data Protection management tools and systems.
  • Knowledge of Data Protection in the contracts, procurement, etc. phase.
  • Experience in working successfully within fast-paced business cultures and technology industries.
  • Self-starter with ability to gain required knowledge in dynamic environments.
  • Exceptional communication skills to speak with a wide-ranging audience, from executives to data subjects, from managers to IT staff and lawyers.
  • Proven client and business relationship skills to continuously coordinate with controllers and processors while maintaining independence.
  • Demonstrated leadership skills achieving stated objectives involving a diverse set of stakeholders and managing varied projects.
  • Knowledge of emerging technologies, such as cloud computing, Internet of Things (IoT) and advanced analytics.
  • Experience partnering with analytics and IT to drive data management.
  • Demonstrates strategic, creative thinking and problem-solving skills, and advanced knowledge of SharePoint, MS Office Word, Excel, Visio, and PowerPoint.
  • Experience interacting with remote and virtual business teams and staff.
  • Able to translate complex technical concepts into clear communication for non-technical business teams and executives.
  • Experience in analyzing security and technical requirements and mapping to relevant security controls.
  • Technical knowledge of mainstream operating systems, and a wide range of security technologies, and security tools.

Professional Skills:

  • Outstanding level of professionalism, including ability to exercise good judgement, discretion, tact, diplomacy, and attention to detail.
  • Ability to effectively drive decisions through outstanding verbal, interpersonal and written communication skills and to communicate with all levels of management, internal staff, as well as outside clients and vendors.
  • Excellent management and leadership skills.
  • Ability to work independently, and as part of a group, with the ability to multi-task and meet strict deadlines while managing multiple priorities in a demanding fast-paced, interactive, results-based environment.
  • Sound business ethics, including the protection of proprietary and confidential information.
  • Reliable and dependable with a willingness to occasionally work outside of standard business hours as needed to meet client deadlines and/or participate in corporate initiatives and professional development programs.
  • Ability to research, interpret, communicate, and apply correct applications with internal business units.
  • Proven track record in the project management field and developing PMO processes, including ensuring governance framework and project documentation.
  • Strong PMO experience in SDLC, information technology and information systems, and business process.

Application Submission Information:

Please apply online: