FIRM OVERVIEW

Promontory Financial Group, an IBM Company, is accepting applications from candidates who are confident, hardworking, and reliable, and having a strong interest in privacy, information technology and regulatory compliance. Promontory is a leading privacy, strategy, risk management and regulatory compliance consulting firm focused primarily on the regulated industries, including financial services.

We are involved in some of the most urgent and pressing data protection and privacy issues of the day, including cross-border conflicts, international data transfers and data breach disclosures. From nineteen offices worldwide, our professionals assist clients in more than fifty countries.  The Promontory team is diverse, talented and passionate about its work. We would like to attract applicants who are equally passionate and enthusiastic about gaining experience in privacy and data protection. As part of the privacy practice, you will work within a team of senior industry figures and experienced professionals. You will learn from the best in the industry and be intellectually challenged from the day you start work.

SUMMARY

As an Associate, you will have a unique hands-on experience in business development, client work, and other projects. You will be challenged to develop your knowledge in our areas of expertise and our client’s business issues while building your skills in communications, problem solving, and consulting. Associates are responsible for providing advice and counsel to clients, including with respect to governance, regulatory requirements, and strategic decisions.

PRIMARY DUTIES AND RESPONSIBILITIES

• Work with teams addressing complex compliance and risk management challenges relating to data privacy, information/cyber security and information risk.
• Analyze legal or regulatory requirements, including as developed through administrative or judicial proceedings.
• Review and analyze client written materials, such as policies, procedures, and governance artifacts. Assist in drafting and revising client deliverables—including reports, correspondence, presentations, and written tools such as policies and templates.

• Conduct onsite privacy and security risk assessments which include reviewing all aspects of an information security program (policies, procedures, administrative and technical controls, security tools and software)

• Play a hands-on role in business development, such as by helping to draft proposals and participating in meetings with current or potential clients.
• Participate in client meetings, such as interviews or presentations, which often include senior executives or directors of the client.
• Monitor and prepare reports on global regulatory developments.
• Travel as required to client sites in the United States and internationally. Time spent traveling ranges from 10% to 75%, depending upon the project.
• Performs additional duties as assigned

KNOWLEDGE, SKILLS AND ABILITIES:

• Superior writing and editing skills with the ability to construct well-founded, clear, and concise analyses and recommendations.
• Strong attention to detail.
• Strong analytical skills.

• Experience performing information security compliance reviews and/or audits
• Proficient in information security control frameworks like FFIEC, NIST, and ISO 27000
• Certifications (prefer one of the following): CISA, CISSP, CISM, CIPP

• Ability to handle complex information, solve problems, and manage multiple tasks.
• Ability to communicate effectively with clients and within all levels of the organization.
• Ability to establish and maintain positive relationships and build teams.

• Ability to work independently

• Strong reputation for integrity and ethics.

EDUCATION:

• Bachelor’s degree.

EXPERIENCE:

• At least 3 years of experience relating to data privacy, information/cyber security and information risk matters.