Security Governance Consulting, DPO Solutions

Security Governance

Consultant Service

Outsource the role of security governance consultant to us and get the immediate compliance expertise you need

What is it? Our security governance consultant service is a flexible solution for firms requiring general support for their security governance program on a short to medium term basis.

What areas can we help with? We provide expert support for the most popular frameworks and governance tasks in financial services and healthcare. These include:

    • PCI-DSS, ISO, GDPR, NIST & HIPAA control design & implementation
    • Cloud security architecture (AWS & Azure) – IAM, logging, encryption, application security etc.
    • Security assessments and risk remediation
    • Vulnerability management
    • Firewall & ACL reviews
    • KRI reports
    • Security awareness training

How does it work? We p

What I Provide: I provide data privacy consultant services on a short to medium term basis for firms needing a qualified privacy technologist.
Examples of recent projects I have worked on as a contract DPO / Privacy Technologist include:

  • A data privacy program implementation based on ISO27701:2019 to support a multi-CSP environment migration
  • An enterprise data de-identification project using several privacy enhancing technologies (PETs)
  • A DLP system implementation leveraging data mapping, a privacy safeguards policy base and SIEM alerting functionality
  • An RBAC review of systems in the transmission path of PII data in a financial services company
  • A multi-modal privacy awareness program development and tracking system for a 2500+ user base

The Privacy Resource Challenge: According to numerous data privacy industry reports, including the 2020 Data Privacy Officer Priorities Report and the Veeam 2020 Data Protection Trends Report, there is a systemic shortage of skilled staff who are fluent in data privacy and protection, particularly in cloud environments. Veeam classifies the staffing problem as chronic, particularly when it comes to new data protection initiatives.

Their report further classifies the problems behind staffing and budget: firms face an inability to support DevOps or AppDev and an inability to demonstrate assurance for compliance, which seriously hampers their ability to meet regulatory obligations and business goals.
Within the staffing challenge there are, of course, even more nuanced issues: it typically takes firms 2-5 months before permanent data privacy roles are filled, while most candidates who do take up roles have an average of 18 months of direct experience in data privacy.

The Solution:
As a data privacy and cyber security professional with 25 years of international experience across over 15 different financial services and healthcare firms, I know a thing or two about data privacy and protection.
I’ve worked on digital transformation projects as a privacy officer and cyber security professional in AWS and Azure cloud environments and am well versed in ISO-27001, GDPR, PCI-DSS, NIST, OWASP and CIS controls, positioning me well to work with IT security, AppDev and business teams.
I work exclusively on a contract basis, giving you the flexibility to expand or contract the scope of engagement and actually save money in comparison to the overheads associated with an FTE.
Read more about specific service offerings in the next section.

Data Privacy Services

These are key service areas I can offer help with.

  • Act as Your Registered DPO
  • ISO 27701 Implementation
  • Data De-Identification
  • Privacy Risk Awareness Training
  • Impact Assessment Programs
  • Enterprise DLP Projects
  • Cloud RBAC Reviews
  • Legal / HR / DPC Liaison


I’ve worked on major data privacy projects for Wall St firms, New York HHC hospitals, UK banks and multi-national insurers, bio-tech and other market segments over the last 20 years.

As a highly qualified and experienced privacy and cybersecurity consultant I help firms navigate the complexities of HIPAA, GDPR, CCPA and other privacy focused regulations in an international context and in context of their overall compliance strategy.

My extensive experience in privacy and security supports stakeholders’ decision making on which controls to implement, how to manage risk and how to comply with evolving regulations.

I believe my background in data privacy & governance, cybersecurity, forensics and engineering offers clients a hard-to-find blend of skills in a competitive jobs market.
In addition to privacy focused frameworks, I have an extensive track record in developing security processes and procedures including ISO-27000, NIST, Cloud CSM, OWASP and PCI-DSS, and I regularly work with Agile development teams, business analysts, IT, Legal and HR to implement data privacy tasks.


I offer fixed price rates tailored to suit your organisation. There are no hidden costs ensuring there is no uncertainty with price when it comes to data privacy.

You can preview my CV here and use the enclosed form at the bottom of the screen to request that a full version be emailed to you. We can set up a call to discuss your needs at your convenience.

Why a privacy consultant may be the right fit!

When time pressure is a factor and a shortage of in-house skills is also a challenge, particularly when it comes to international regulations, getting immediate help from a qualified consultant is the answer.
Most hiring managers report that it takes on average 2-5 months before full time compliance positions are filled. The average number of candidates being interviewed is between 2 and 4 per week.
When you factor in the interview time, CV review time, the overheads of having a full time staff member and the time taken away from other tasks, the recruitment and retention process becomes costly in terms of money and onboarding effort.

Fixed Term Contract

A fixed term contract from 3 months to 1 year is probably a good option while you wait to hire an FTE or up-skill an internal resource. It may also be the case that you only need part-time support, for example 80 hours per month; we can discuss that too.
In any instance, I can act as your point person on all things privacy related and take on any necessary tasks such as:

  • Records management
  • Policy development
  • Dealing with EU data privacy authorities, State AG offices etc.
  • Privacy and security assessments and remediation
  • Incident handling
  • Implementation of privacy enhancing technologies (PETs)
  • Training and more

All of which are required under data privacy rules.


I’ve worked on major data privacy and cyber security projects and roles for highly regulated firms including the New York Stock Exchange, Wall St investment banks, Irish & UK banks and insurers and other market segments over the last 25 years.

As a highly qualified and experienced privacy and cybersecurity consultant I help firms navigate the complexities of privacy regulations in an international context and in context of their overall compliance strategy.

Using my extensive international experience in privacy and security, I help stakeholders in their decision making on which controls to implement, which risks to prioritise and how to comply with evolving regulations.


I offer fixed price rates tailored to suit your organisation. There are no hidden costs ensuring there is no uncertainty with price when it comes to data privacy.

You can preview my CV here and use the enclosed form at the bottom to request that a full version be emailed to you. We can set up a call to discuss your needs at your convenience.

When a privacy consultant may be the right fit!

When time pressure is a factor and a shortage of in-house skills is also a challenge, particularly when it comes to international regulations, getting immediate help from a qualified consultant is the answer.

Most hiring managers report that it takes on average 2-5 months before full time compliance positions are filled. The average number of candidates being interviewed is between 2 and 4 per week.
When you factor in multiple rounds of interviews, the overheads of having a full time staff member and the time taken away from other tasks, the recruitment and retention process becomes costly in terms of money and onboarding effort.

Benefits of a Contract

A fixed term contract from 3 months to 1 year is a good option while you wait to hire an FTE or up-skill an internal resource. It may also be the case that you only need part-time support, for example 80 hours per month; we can discuss that too.
In any instance, I can act as your point person on all things privacy related and take on any necessary tasks such as:

  • International data transfers
  • Control mapping to various regulations
  • Records management
  • Policy development
  • Dealing with EU data privacy authorities, State AG offices etc.
  • Privacy and security assessments and remediation
  • Incident handling
  • Implementation of privacy enhancing technologies (PETs)
  • Training and more

All of which are required under data privacy rules.



Why Work With Me

EXPERIENCE
COMMUNICATION
INTEGRITY

Experience: Data protection work requires an ability to interpret often complex legal and regulatory text and apply it to specific ISMS controls in different business units. This ability must be complemented with direct experience in conducting data privacy impact assessments in a structured way, along with keeping on top of remediation activities, data subject access requests, communications with the DPC / ICO, record keeping, staff training etc.

Combine all these requirements with a need for deep technical understanding and application of privacy controls such as data minimisation techniques, cryptography, data loss prevention (DLP) policies, identity and access management (IAM), multi factor authentication (MFA) and other vendor specific methods to deliver it all effectively.

In short, in order to win stakeholder confidence, the voice of experience will always be top of the list and will make the difference in project outcomes every time. Settling for something less risks financial and personal reputational loss, which is avoidable by engaging with us.

Communication: Experience must be accompanied by effective communication to all stakeholders in the data privacy sphere: CIOs, compliance officers, data processors, security staff, HR, legal, marketing, parent/subsidiary offices, data protection authorities and so on. Effective communication is contingent on recognising who the audience is and explaining risk in plain English, in the context of the standard model of threats, likelihood and impact.

Communication like this is built on first hand experience of using effective reporting metrics, well structured slide decks and information sessions. Underpinning all of this, of course, is the ability to listen to stakeholder needs and to set and deliver on expectations.

Integrity: Holding a high ethical standard and maintaining independent judgment in the best interest of the client, and of the clients they serve, is always of paramount importance, never more so than when it comes to data protection activities. Of all the regulatory standards, GDPR singles out independence and integrity as essential characteristics for this type of role.

With this in mind, telling the truth on a factual basis, being fair to all parties and accurate representation in reporting are all of the utmost importance. Integrity is synonymous with being fair and balanced at every decision point. This, along with experience and communication, is what we believe to be the difference in our service approach.



“Paul effectively applied his data privacy skills to assist the team. He handled specific objectives within a collaborative team atmosphere while simultaneously working on a variety of projects. Paul maintained a good working relationship with clients and worked effectively with client management and staff at all levels to gather information and perform services. He is truly a pleasure to work with and his passion for his profession is very refreshing.”

Sabara Heath , Philadelphia Insurance

“Paul has outstanding communication skills and works well with people at all levels. He has the intellect to grasp complex problems quickly and experience to identify vulnerabilities and weaknesses in existing controls, to understand related risks and to design controls that need to be in place to mitigate those risks. I look forward to the opportunity to work with Paul again in the future.”

Danko Panchich, Barclays

“Paul’s work was always extremely diligent and thorough, and Paul was a very conscientious and dedicated worker. I highly recommend Paul and would gladly work with him again in the future.”

Vas Rajan, Philadelphia Insurance

“I highly recommend Paul as an asset to any group. He demonstrated an appreciable work ethic with deep knowledge of his area of expertise. This was coupled with a complementary understanding of the interactions of his responsibilities with the rest of the organization. I am eager to enjoy the opportunity to work with him again.”

Paul Kipping, Elan Pharmaceuticals

Visit my profile on LinkedIn or my partner company on Facebook.

My Objective

My objective is to raise your capability maturity so that stakeholders become more security and GDPR aware in their decision making processes.


GET IN TOUCH

If you’d like to talk to us about your data privacy needs, please use the form below and I’ll get back to you shortly.