Title: Data Privacy Compliance Consultant
Company: Loyola Marymount University
Duration: approved for 2 months, likely to extend past 2025.
Location: REMOTE
Start date: week of 4/14
Interviews: 1 round
Pay: $40-$68/HR, depends on experience
Required Skills & Experience
- 5+ years of experience working with data governance or data compliance
- Knowledgeable about regulatory standards such as FERPA, GLBA, HIPAA, GDPR, and general principles of U.S. and international privacy law
- Skilled in data discovery and assessment reporting as well as providing guidance on best practices regarding data governance and policy
Nice to Have Skills & Experience
- Prior experience in a higher education environment is highly desirable
- GRC (Governance, Risk, and Compliance) tools
Job Description
A distinguished University in Los Angeles is looking for a Data Compliance Consultant to join the Information Security Office to support its ongoing efforts in (1) assessing and enhancing compliance with data protection regulations and (2) strengthening its Disaster Recovery readiness. This role will work under the direction of the Director of Information Security and Compliance and in collaboration with the ITS department to evaluate the University's adherence to privacy laws, identify sensitive data assets, and develop a strategic roadmap for risk reduction. The consultant will lead a cross-departmental data discovery initiative and assess current control effectiveness for sensitive and regulated data in alignment with FERPA, GLBA, HIPAA, GDPR, and, optionally, PCI DSS. The Contractor will also assess data regulation capabilities, identify gaps and organize tabletop exercises and a full recovery test.
Working closely with ITS, Legal, Risk Management, and departmental stakeholders to gather requirements and validate findings, this person will lead the data discovery process to identify and map sensitive and regulated data across all departments and data systems. As they meet with departmental stakeholders, this person will create an inventory that categorizes data types and classifies them according to sensitivity, regulatory scope, and business criticality. During this process they will evaluate current alignment with FERPA, GLBA, HIPAA, GDPR, and optionally PCI DSS, assess and identify gaps in compliance or control maturity, and develop a remediation roadmap with prioritized actions. Within the first phase of this role they will deliver an assessment report with detailed gap analysis and prioritized recommendations to remediate gaps.
Lastly, they will support the following responsibilities regarding disaster recovery and policy updates:
o Disaster Recovery
  ○ Facilitate updates to Disaster Recovery (DR) plans and procedures
  ○ Develop a prioritized action plan based on tabletop exercise findings
  ○ Plan and facilitate a full recovery of DR Data and Systems (Summer 2025)
o Policy Update
  ○ Propose updates to Privacy policies and security policies
Exact compensation may vary based on several factors, including skills, experience, and education.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.