IBM Data Security & Privacy Security Expert in Herndon, Virginia
Your Role and Responsibilities
IBM Services is a team of business, strategy and technology consultants enabling enterprises to make smarter decisions and providing unparalleled client and consumer experiences in cognitive, data analytics, cloud technology and mobile app development. With global reach, outcome-focused methodologies and deep industry expertise, IBM Services empowers clients to digitally reinvent their business and get the competitive edge in the cognitive era.
Bottom line? We outthink ordinary. Discover what you can do at IBM.
In this exciting role, you will be assigned to various projects and will be required to design, implement and execute data security and privacy controls in accordance with the GBS NA DS&P Framework.
You will have required reading and attestation of security policies and the DS&P Framework, and will be required to pass an internal DS&P Exam that tests your knowledge of the framework.
You will be required to read all contract documentation and apply all data security requirements. This includes planning and execution of applicable controls based on contracts.
You will be required to effectively communicate and defend the control posture to the project executive/project manager and project management team, and to work with the project team’s technical lead and team to understand and document access profiles for project resources.
You will be responsible for authoring and updating the data security plan and all process documents (onboarding/offboarding process, access management process, workplace inspection processes). You will work with the project team to obtain and maintain an audit-ready posture and respond to internal risk reassessments with the required control documentation and evidence.
You will bring expertise in security to the project to assure controls are well designed and executed to reduce the overall risk to IBM.
Review contract documentation, then design, implement and execute data security controls. (40%)
Identify, document and manage project risks and security control gaps. (20%)
Schedule and facilitate monthly data security management meetings; obtain project manager approval. (15%)
Create, manage (validate/audit) application inventory, workforce list, SOD Matrix and access control list. (10%)
Research applicable control requirements and industry standards and apply to project requirements. (5%)
Respond to internal and client audit requests and provide control execution evidence as required. (5%)
Other duties as assigned (education/training, contributions to the practice, etc.). (5%)
Some remote work is possible, but you should be located in the VA/MD/DC area.
The Public Service Sector consulting practice is a trusted advisor to federal, state and local governments, partnering to meet challenges and responding quickly to citizen demands, business needs, new economic conditions, and changing legislative priorities and policies.
Health Insurance. Paid time off. Corporate Holidays. Sick leave. Family planning. Financial Mentorship. 401K. Training and Learning. We continue to expand our benefits and programs, offering some of the best support, mentorship and coverage for a diverse employee population.
Our goal is to be essential to the world, which starts with our people. Company-wide, we kicked off an internal talent strategy program called Go Organic. At our core, we are committed to believing and investing in you, our workforce, through:
Skill development: helping our employees grow their foundational skills
Finding your dream job at IBM: navigating our company with the potential for many careers by channeling an employee’s strengths and career dreams
Diversity of people: Diversity of thought driving collective innovation
In 2015, Go Organic filled approximately 50% of our open positions with internal talent who were promoted into the role.
With an employee population of 375,000 in over 170 countries, amazingly we connect, collaborate, and care. IBMers drive a corporate culture of shared responsibility. We love grand challenges and everyday improvements for our company and for the world. We care about each other, our clients, and the communities we live, work, and play in.
Required Professional and Technical Expertise
Knowledge of industry data security and privacy practices.
Exposure to data security planning and data security control design.
Ability to review contracts and determine applicable controls, then design, implement and execute against those controls.
Working knowledge of data classification (PI, SPI, BSI), risk and protection of specific data types.
Excellent organizational, communication and analytical skills.
Ability to identify, document and manage applicable data security and privacy risks.
Fundamental knowledge of regulatory control requirements (e.g., HIPAA, PCI, FERPA, GDPR).
Familiarity with segregation/separation of duties, ability to identify and manage conflicting tasks and apply secondary controls.
Familiarity with identifying and documenting user ID access management for project resources.
Certifications: one or more preferred: CISA, CISM, CRISC, CGEIT, or (ISC)2 certifications (CISSP, SSCP, CCSP, CAP, CSSLP).
Ability to obtain and maintain DoD Secret Security Clearance as needed.
Preferred Professional and Technical Expertise
Control execution for regulatory compliance.
Authoring data security plans and process documents and defending them for project manager approval.
Working knowledge of internal and client audit processes and successfully defending controls in an audit.
About Business Unit
Your Life @ IBM
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.