Information Security Governance, Risk,…
- TEKsystems (Dallas, TX)
TEKsystems is seeking a highly experienced Data Privacy/GRC Consultant to enhance the client's data protection, data privacy, and disaster recovery readiness programs. Responsibilities include data discovery, evaluating regulatory alignment to privacy regulations such as FERPA, GLBA, HIPAA, GDPR, etc., and updating the privacy and security policies within the organization.
This is a fully remote position on a W2 Contract with TEKsystems. It will operate within Pacific Standard Time (PST). Candidates in PST, MST, and CST time zones are preferred. The ideal candidate will have all the necessary experience and be located in Los Angeles, CA or California, but the client is open to other areas of the country. Candidates with a higher education GRC background, CIPP, and FERPA-specific experience are highly preferred.
Contract length is expected to go through the remainder of 2025 with a high likelihood of extending in 6-month increments to 2026.
Title: Data Privacy/GRC Consultant
Top Skills Details
+ Regulatory Compliance & Data Privacy Expertise – To assess alignment with FERPA, GLBA, HIPAA, GDPR, and guide remediation efforts.
+ Risk Assessment & Audit Readiness – To conduct internal audits, support external audits, and develop effective mitigation strategies.
+ Disaster Recovery & Business Continuity Planning – To update, test, and execute DR/BC plans, ensuring organizational resilience.
Description
The higher education client is seeking an experienced Governance, Risk, and Compliance Consultant to support its ongoing efforts in (1) compliance and risk, (2) audit and assessment, (3) Disaster Recovery readiness, (4) Governance.
This role will work under the direction of the CIO and in collaboration with the ISO and ITS departments to evaluate the university's adherence to privacy laws, identify sensitive data assets, and develop a strategic roadmap for risk reduction and compliance. The consultant will LEAD a cross-departmental data discovery initiative and assess current control effectiveness for sensitive and regulated data in alignment with FERPA, GLBA, HIPAA, and CCPA (or GDPR).
The Consultant will also assess the client's DR capabilities, identify gaps and organize tabletop exercises and a full recovery test.
Scope of Work:
Compliance and Risk - must be capable of managing the entire effort. No comprehensive program exists for this client today.
• Lead the data discovery process to identify and map sensitive and regulated data across all departments and data systems.
• Categorize data types and classify them according to sensitivity, regulatory scope, and business criticality.
• Evaluate the higher education client's current alignment with FERPA, GLBA, HIPAA, and CCPA (or GDPR) regulations.
• Assess current administrative, technical, and physical controls in place to protect sensitive data.
• Identify gaps in compliance or control maturity and develop a remediation roadmap with prioritized actions.
• Collaborate closely with ITS, Legal, Risk Management, and departmental stakeholders to gather requirements and validate findings.
• Deliver an assessment report with detailed gap analysis and prioritized recommendations to remediate gaps.
• Provide guidance on best practices for data minimization, retention, and classification.
• Support the reboot of the Data Governance and Privacy Working Groups with input and alignment recommendations.
• Document policies and procedures or recommend updates where necessary.
• Assist in preparing summary reports and presentations for senior leadership and auditors.
• Review and assess vendor data privacy policies as outlined in existing contracts, identify risks, and bring vendors into compliance.
Audit and Assessment
• Support internal and external audits by coordinating evidence gathering, facilitating auditor interviews, and addressing audit findings through detailed management responses and effective mitigation strategies.
• Conduct internal security audits and readiness assessments aligned with NIST, ISO 27001, and HIPAA frameworks; analyze findings and collaborate with stakeholders to develop corrective action plans.
Disaster Recovery
• Facilitate updates to the university's Disaster Recovery (DR) plans and procedures.
• Perform a tabletop exercise of the university's BC/DR plan/procedures.
• Develop a prioritized action plan based on tabletop exercise findings.
• Plan and facilitate a full recovery of DR Data and Systems (Summer 2025).
Governance
• Establish and maintain policies, standards, and guidelines aligned with regulatory and business requirements.
• Facilitate governance boards, steering committees, and executive briefings to promote top-down security awareness and direction.
Experience:
Deep understanding of FERPA, GLBA, HIPAA, and GDPR.
Ability to assess compliance gaps and recommend remediation strategies.
Experience with data classification, retention, and minimization best practices.
Proficiency in conducting internal audits and readiness assessments using frameworks like NIST, ISO 27001, and HIPAA.
Skilled in coordinating with auditors, gathering evidence, and crafting effective management responses.
Experience developing and testing DR/BC plans, including tabletop exercises and full recovery simulations.
Ability to translate findings into actionable, prioritized recovery plans.
Strong background in establishing governance frameworks, policies, and procedures.
Skilled in facilitating governance boards and aligning stakeholders across departments.
Ability to work closely with ITS, Legal, Risk Management, and other stakeholders.
Strong communication skills for delivering reports, presenting to leadership, and driving consensus.
Prior experience in a higher education environment is highly desirable.
Preferred certifications may include: CIPP, CIPM, CISA, CISM, GRCP, CGEIT, CISSP, CIRSC, CIPP/US
Skills
GRC
Top Skills Details
GRC
Additional Skills & Qualifications
Ability to interpret regulations and apply them to complex institutional environments.
Experience working cross-functionally with IT, legal, and business teams.
Strong leadership, organization, and project management skills.
Excellent written and verbal communication skills, especially in presenting findings to non-technical audiences.
Highly organized, self-motivated, and results oriented.
Experience Level
Expert Level
Pay and Benefits
The pay range for this position is $70.00 - $75.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully remote position.
Application Deadline
This position is anticipated to close on Jun 3, 2025.
About TEKsystems and TEKsystems Global Services
We’re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.