

Security Governance
Consultant Service
Outsource the role of security governance consultant to us and get the immediate compliance expertise you need
What is it? Our security governance consultant service is a flexible solution for firms requiring general support for their security governance program on a short to medium term basis.
What areas can we help with? We provide expert support for the most popular frameworks and governance tasks in financial services and healthcare, these include;
-
- PCI-DSS, ISO, GDPR, NIST & HIPAA Control Design & Implementation
- Cloud security architecture (AWS & Azure) – IAM, Logging, Encryption, App security etc.
- Security assessments and risk remediation
- Vulnerablity management
- Firewall & ACL reviews
- KRI Reports
- Security Awarness Training
How does it work? We p According to numerous data privacy industry reports including the 2020 data privacy officer priorities report and the veeam 2020 data protection trends report there is a systemic shortage of skilled staff who are fluent in data privacy and protection, particularly in cloud environments. Veeam classifies the staffing problem as chronic particularly when it comes to new data protection initiatives.
What I Provide: I provide data privacy consultant services on a short to medium term basis for firms needing a qualified privacy technologist.
An example of recent projects as a contract DPO / Privacy Technologist that I have worked on include,
- A data privacy program implementation based on ISO27701:2019 to support a multi CSP environment migration
- An enterprise data de-identification project using several P.E.T. technologies
- A DLP system implementation leveraging data mapping, a privacy safeguards policy base and SIEM alerting functionality
- A RBAC review of systems in the transmission path of PII data in a financial services company
- A multi-modal privacy awareness program development and tracking system for 2500+ user base.
The Privacy Resource Challenge: According to numerous data privacy industry reports including the 2020 data privacy officer priorities report and the veeam 2020 data protection trends report there is a systemic shortage of skilled staff who are fluent in data privacy and protection, particularly in cloud environments. Veeam classifies the staffing problem as chronic particularly when it comes to new data protection initiatives.
Data Privacy Services
These are key service areas I can offer help with.
I’ve worked on major data privacy projects for Wall st firms, New York HHC hospitals, UK banks and multi-national insurers, bio-tech and other market segments over the last 20 years.
As a highly qualified and experienced privacy and cybersecurity consultant I help firms navigate the complexities of HIPAA, GDPR, CCPA and other privacy focused regulations in an international context and in context of their overall compliance strategy.
Using my extensive experience in privacy and security supports stakeholders decision making efforts over what controls to implement, risk management and efforts to comply with evolving regulations.
I’ve worked on major data privacy and cyber security projects and roles for highly regulated firms including the New York Stock Exchange, Wall st investment banks, Irish & UK banks and insurers and other market segments over the last 25 years.
As a highly qualified and experienced privacy and cybersecurity consultant I help firms navigate the complexities of privacy regulations in an international context and in context of their overall compliance strategy.
Using my extensive international experience in privacy and security, I help stakeholders in their decision making efforts over what controls to implement, risks to priortise and efforts to comply with evolving regulations.
You can preview my CV–Here- and use the enclosed form at the bottom to request a full version be emailed to you. We can setup a call to discuss your needs at your convenience.
When a privacy consultant maybe the right fit!
When time pressure is a factor and shortage of in-house skills is also a challenge, particularly when it comes to international regulations, then getting immediate help from a qualified consultant is the answer.
Most hiring managers have reported on average 2-5 months before full time compliance positions are filled. The average number of candidates being interviewed is between 2 and 4 per week.
When you factor in multiple rounds of interview time, overheads with having a full time staff member and time taken away from other tasks, it makes the recruitment and retention process costly in terms of money and onboarding effort.
Benefits of a Contract
A fixed term contract from 3 months to 1 year is a good option while you wait to hire a FTE or up-skill an internal resource. It may also be a case that you only need part-time support for example 80 hours per month, we can discuss that too.
In any instance, I can act as your point person on all things privacy related and take on any necessary tasks such as;
- International data transfers
- Control mapping to various regs
- Records management
- Policy development
- Dealing with EU data privacy authorities, State AG offices etc.
- privacy and security assessments and remediation
- Incident handling
- Implementation of privacy enhancing technologies (PET’s)
- Training and more.
Which are all required under data privacy rules
Why Work With Me
Experience : Data protection work requires an ability to interpret often complex legal regulatory text and apply them to specific ISMS controls in different business units. This ability must be complimented with direct experience in conducting data privacy impact assessments in a structured method along with keeping on top of remediation activities, data subject access requests, communications with the DPC /ICO, record keeping and staff training etc.
Combine all these requirements with a need for deep technical understanding and application of privacy controls such as data minimisation techniques..
COMMUNICATION SKILLS
INTEGRITY
EXPERIENCE
“Paul effectively applied his data privacy skills to assist the team. He handled specific objectives within a collaborative team atmosphere while simultaneously working on a variety of projects. Paul maintained a good working relationship with clients and worked effectively with client management and staff at all levels to gather information and perform services. He is truly a pleasure to work with and his passion for his profession is very refreshing.”
“Paul has outstanding communication skills and works well with people at all levlels. He has the intellect to grasp complex problems quickly and experience to identify vulnerabilities and weaknesses in existing controls, to understand related risks and to design controls that need to be in place to mitigate those risks. I look forward to the opportunity to work with Paul again in the future.”
“Paul’s work was always extremely diligent and thorough, and Paul was a very conscientious and dedicated worker. I highly recommend Paul and would gladly work with him again in the future.”
I highly recommend Paul as an asset to any group. He demonstrated an appreciable work ethic with deep knowledge of his area of expertise. This was coupled with a complementary understanding of the interactions of his responsibilities with the rest of the organziation. I am eager to enjoy the opportunity to work with him again.
My Objective
My objective is to increase your capability maturity model so stakeholders become more security and GDPR regulation aware in their decision making processes
Blog Section
Generative AI Privacy and What You Need to Know
98% of businesses plan to use generative AI technology by 2025 but there are serious privacy concerns. We discuss what they are.
What should be in your data privacy awareness training?
Data privacy training requires coverage of several key topics to be compliant with GDPR. In this article we look at these core areas.
Tips on running a successful security awareness program
Companies face difficult challenges when training their staff on security. Find out how to build a successful security awareness training program.
GET IN TOUCH
If you’d like to to talk us about your data privacy needs, please use the form below and I’ll get back to you shortly.