Project Background:
Loyola Marymount University (LMU) is seeking an experienced Data Privacy & Compliance Consultant to support its ongoing efforts in (1) assessing and enhancing compliance with data protection regulations and (2) strengthening its Disaster Recovery readiness.
This role will work under the direction of the Director of Information Security and Compliance and in collaboration with the ITS department to evaluate LMU’s adherence to privacy laws, identify sensitive data assets, and develop a strategic roadmap for risk reduction. The consultant will lead a cross-departmental data discovery initiative and assess current control effectiveness for sensitive and regulated data in alignment with FERPA, GLBA, HIPAA, GDPR, and, optionally, PCI DSS.
The Contractor will also assess LMU’s DR capabilities, identify gaps, and organize tabletop exercises and a full recovery test.
Scope of Work:
The Contractor will work with the CIO, the ISO team, other ITS team members, and campus stakeholders to mature and manage the key areas of the ISO, including:
- Regulatory Compliance
  - Lead the data discovery process to identify and map sensitive and regulated data across all departments and data systems.
  - Categorize data types and classify them according to sensitivity, regulatory scope, and business criticality.
  - Evaluate LMU’s current alignment with FERPA, GLBA, HIPAA, GDPR, and optionally PCI DSS.
  - Assess current administrative, technical, and physical controls in place to protect sensitive data.
  - Identify gaps in compliance or control maturity and develop a remediation roadmap with prioritized actions.
  - Collaborate closely with ITS, Legal, Risk Management, and departmental stakeholders to gather requirements and validate findings.
  - Deliver an assessment report with detailed gap analysis and prioritized recommendations to remediate gaps.
  - Provide guidance on best practices for data minimization, retention, and classification.
  - Support the reboot of LMU’s Data Governance and Privacy Working Groups with input and alignment recommendations.
  - Document policies and procedures or recommend updates where necessary.
  - Assist in preparing summary reports and presentations for senior leadership and auditors.
- Disaster Recovery
  - Facilitate updates to LMU’s Disaster Recovery (DR) plans and procedures.
  - Perform a tabletop exercise of LMU’s BC/DR plan/procedures.
  - Develop a prioritized action plan based on tabletop exercise findings.
  - Plan and facilitate a full recovery of DR Data and Systems (Summer 2025).
- Policy Update
  - Propose updates to LMU Privacy policies to be consistent with industry and regulatory requirements.
  - Propose updates to LMU Security policies to be consistent with industry and regulatory requirements.
Experience:
- 7+ years of experience in DR, privacy, data protection, or information security compliance roles.
- Strong knowledge of FERPA, GLBA, HIPAA, GDPR, and general principles of U.S. and international privacy law.
- Hands-on experience with data discovery and classification tools or processes.
- Prior experience in a higher education environment is highly desirable.
Skills:
- Ability to interpret regulations and apply them to complex institutional environments.
- Experience working cross-functionally with IT, legal, and business teams.
- Strong leadership, organization, and project management skills.
- Excellent written and verbal communication skills, especially in presenting findings to non-technical audiences.
- Highly organized, self-motivated, and results-oriented.
Certifications:
- Privacy certifications such as CIPM, CIPP-US, CIPP-E, or similar.
Preferred Qualifications:
- Familiarity with PCI DSS and/or experience in payment data environments.
- Experience supporting or leading data governance programs.
- Experience in policy development, risk assessment, or compliance audits.
- Understanding of cloud environments and third-party risk.
Reporting and Communication:
- The contractor will report directly to the Director of Information Security and Compliance and provide regular progress updates.
- The contractor will participate in weekly meetings with the ITS team and provide status reports as required.
Assumptions and Constraints:
- The contractor will have access to all necessary resources, including personnel, technology, and documentation, to perform their duties effectively.
- The contractor is expected to work collaboratively with LMU staff and integrate seamlessly with existing teams.
- The contractor will be required to sign a confidentiality or data protection agreement.
- This is a remote position.