Cybersecurity Consultant

Job Title: Cybersecurity Consultant

SUMMARY

Seeking an experienced Cybersecurity Consultant to support cases involving breach notifications related to Personal Identifiable Information (PII). The role involves advising on breach response strategies, ensuring compliance with notification requirements, and offering guidance on cybersecurity best practices to prevent future incidents. This is a contractor role with flexible, interim engagement periods based on workload and needs.

KEY DUTIES and RESPONSIBILITIES:

• Assist in evaluating the scope, nature, and impact of data breaches involving PII.

• Advise on notification processes to comply with federal, state, and industry-specific breach notification requirements.

• Draft or review notification communications to affected individuals and relevant regulatory bodies as needed.

• Provide insights on legal and regulatory requirements for breach response (e.g., GDPR, HIPAA, CCPA, GLBA, state laws).

• Guide teams to meet reporting timelines and standards following a cybersecurity incident.

• Advise on the implementation of cybersecurity best practices to mitigate the risk of future breaches.

• Recommend tools, technologies, and processes to strengthen data protection and system security.

• Collaborate with internal stakeholders, legal teams, and IT staff during breach assessments.

• Provide actionable input during incident management and response processes.

• Support post-breach analysis and reporting to ensure lessons learned are applied effectively.

EXPERIENCE and/or EDUCATION:

• Minimum 5 years of experience in cybersecurity, with direct experience in breach response and PII management.

• Experience supporting organizations with incident management and regulatory compliance related to data breaches.

• CISSP (Certified Information Systems Security Professional) (Preferred)

• CISM (Certified Information Security Manager) (Preferred)

• CIPP/US or similar privacy-related certifications (Preferred)

KNOWLEDGE, SKILLS and ABILITIES:

• Strong understanding of breach notification laws (federal, state, and international regulations like GDPR, HIPAA, etc.).

• Knowledge of cybersecurity frameworks (e.g., NIST, CIS Controls, ISO 27001).

• Ability to assess and recommend cybersecurity prevention capabilities (e.g., endpoint protection, firewalls, IAM, etc.).

• Familiarity with incident response processes and forensic analysis.

• Excellent written and verbal communication skills for interacting with technical and non-technical stakeholders.
• Ability to draft clear and professional notification content for various audiences.