Privacy and Data Protection Sr. Associate

Grant Thornton 1/6/2020 8:05:49 AM
JOB ID: 044919 Specialty:
Arlington, Virginia




Grant Thornton LLP (Grant Thornton) is the U.S member firm of Grant Thornton International Ltd., one of the world’s leading organizations of independent audit, tax and advisory firms. We’ve never been a typical professional services firm. We put people first, and that is what sets us apart.

As one of the fastest-growing professional services firms in the world, Grant Thornton LLP is continuously seeking top talent. Discover a place where you’ll work with a team of professionals, dedicated to providing bold leadership and distinctive client service. Spend each day engaged in meaningful and challenging work. Be supported in your professional growth and recognized for your contributions.

Privacy and Data Protection Senior Associate

Position Summary

With the increasing complex global privacy regulatory environment, companies are working to implement privacy programs to address compliance and reduce the risk of a breach of personal information, while focusing on the customer experience. Grant Thornton's Cyber Risk practice helps companies address these issues within our Privacy and Data Protection discipline. Our practice focuses not only on helping companies assess their compliance obligations through data inventory and compliance readiness projects, but also end to end privacy program implementations. Our implementation work includes all aspects of the privacy program, including data inventory, privacy notice, individual rights management, data deletion programs, unstructured data programs, automated data discovery, privacy solution implementation, vendor management and more.

Our Privacy and Data Protection discipline offers an opportunity for you to leverage your privacy and information security knowledge, assessment and program implementation experience to broaden your business and project management skills in a rewarding and challenging environment. The Privacy and Data Protection Senior Associate will contribute to a positive and collaborative working environment through building relationships with team members, interfacing directly with clients on privacy projects, and leading the planning and day to day execution of projects. Responsibilities include engagement planning, project management, data inventory, compliance readiness assessments (GDPR, CCPA), privacy program implementations, creation of high quality deliverables, leading client meetings, building client relationships, research and developing thought leadership.

Essential Duties and Responsibilities

Adhere to the highest degree of professional standards and strict client confidentiality.
Ability to communicate in an organized and knowledgeable manner in written and verbal means – including delivering clear requests for information, developing responses to client requests, and communicating conflicts and risks.
Deep understanding of global privacy and data protection regulations, such as EU’s GDPR, CCPA, HIPAA, GLBA.
Apply current knowledge of privacy and data protection trends and to issues and other opportunities for improvement.
Work with the client to plan an engagement strategy, define objectives, and address technology- related controls risks and issues.
Assist clients in planning and executing remediation plans identified in assessment activities.
Proactively interact with key client management to gather information, resolve problems and make recommendations for improvements.
Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
Collaborate with team members at all levels in the development and marketing of the privacy service offering.
Develop high quality deliverables through collaboration with clients and team members to address needs, and demonstrate an understanding of clients’ business.
Additional duties as assigned.


Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field is required. A Masters or JD degree is preferred.
3+ years of related work experience in a similar consulting practice or function, servicing cross- industry clients at a national level.
Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT), Information Systems Security Professional (CISSP), or other related certifications.
Experience working with the GDPR, CCPA, HIPAA, GLBA and other relevant privacy regulations in order to perform data inventory, compliance program assessments and privacy program implementations.
Experience conducting privacy and security risk and/or gap assessments and internal privacy audits, reviewing privacy practices, and preparing reports and other deliverables that contain strategy, project, or technical analysis and findings in connection with consulting engagements and communicating those results to the team and client.
Knowledge of privacy management solutions such as OneTrust, CENTRL, BigID is a plus.
Knowledge of emerging technologies, such as cloud, Internet of Things (IoT) and advanced analytics, is a plus.
Experience in project management and the ability to clearly communicate privacy and data protection issues verbally on both a formal and informal basis to all levels of client staff.
Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
Demonstrates creative thinking and problem solving skills, and advanced knowledge of MS Office Word, Excel, Visio, and PowerPoint.
Ability to work additional hours as needed and travel on a regular basis to clients as required.
Travel for this position can go as high as 60%.


Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits, please visit

It is Grant Thornton’s policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.

Requisition ID: 044919

Arlington, VA
Arlington, Virginia