CDM Smith provides lasting and integrated solutions in water, environment, transportation, energy and facilities to public and private clients worldwide. As a full-service consulting, engineering, construction, and operations firm, we deliver exceptional client service, quality results and enduring value across the entire project life cycle.
Under light supervision, the Lead IT Security Compliance and Data Privacy Specialist develops and implements enterprise information security and data privacy solutions. Serves as a security and data privacy subject matter expert in helping project teams comply with security and data privacy policies, industry regulations, and best practices. Researches, designs, and advocates new technologies, architectures, and security/data privacy products that will support requirements for the enterprise and its customers, business partners, and vendors. Contributes to the development and maintenance of information security and data privacy strategy and frameworks. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks. Leads teams in complex procedures (e.g., logical and physical access management, deployment and support of security tools, risk and vulnerability assessments, security auditing and monitoring, incident response, etc.) necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Provides feedback on team members' performance and provides mentoring as necessary. Provides management with tracking and status reports, analysis, and metrics on security and data privacy actions, events, trends, and concerns. Communicates risks and solutions to business partners and IT staff as needed. Must be able to weigh business needs against security and data privacy concerns and articulate issues to management. Manages the company's data protection activities and ensures we are compliant with all legislation. Promotes and educates employees on the importance of security awareness and data protection and advises on any new legislation in this area.
- 2 years of related work experience
- Bachelor’s degree. Applicable information security certifications a plus (e.g., CISSP, CISM, CISA, CRISC, CDP, CIPP, CIPM, etc.).
- Requires familiarity with security and data privacy standards and frameworks, applicable laws and regulations, policies, procedures, and tools. Conducts accurate evaluation of actions needed and the level of risk required.
Limited travel is required.
Expert-level knowledge of various industry standards and best practices, such as SOC 2 Type II, ISO 27001 Certification, GDPR, MA201CMR17, NIST 800-53 and 800-171.
Application Submission Information: