thoughts on the following role?

dingdangdoo22 Member Posts: 8

Comments

  • JDMurray Admin Posts: 13,091 Admin
    You better have lawyer-level understanding of GDPR for any IT/InfoSec job within the EU's borders. Looks like prior governance experience is a big help too.
  • dingdangdoo22 Member Posts: 8
    Hmmm interesting, I think security questionnaires will be a big thing, they didn't mention the GDPR side of things at all!
  • JDMurray Admin Posts: 13,091 Admin
    Under Required Skills is "Working knowledge of EU Data Privacy laws, specifically impact of GDPR rollout." That is a requirement most InfoSec people would currently not have. Just when I think that I have the GDPR responsibilities nailed down from an IT InfoSec role viewpoint I discover something else new to me.

    This all reminds me of the start of both SOX and HIPAA when we were trying to determine what is really required from complying organizations versus what the lawyers are interpreting from the official documents, and how do we keep from being financially penalized if we make a mistake? IT people with a detailed understanding of GDPR is the next thing that will be in hot demand--if not already.
  • LordQarlyn Member Posts: 693
    Hell, for that matter, learning everything about GDPR as much as possible would be a great move for anyone who is in or pursuing a career in information security. I am reading and watching videos on GDPR, to become as much a GDPR expert as possible. There is going to be a huge demand for people who can implement GDPR compliance not just in the EU but around the world.

    Already, I've done some practical experience implementing GDPR compliance at my work. This contract collects and stores data from EU citizens, requiring my systems to be made GDPR compliant.
  • dingdangdoo22 Member Posts: 8
    JDMurray wrote: »
    Under Required Skills is "Working knowledge of EU Data Privacy laws, specifically impact of GDPR rollout." That is a requirement most InfoSec people would currently not have. Just when I think that I have the GDPR responsibilities nailed down from an IT InfoSec role viewpoint I discover something else new to me.

    This all reminds me of the start of both SOX and HIPAA when we were trying to determine what is really required from complying organizations versus what the lawyers are interpreting from the official documents, and how do we keep from being financially penalized if we make a mistake? IT people with a detailed understanding of GDPR is the next thing that will be in hot demand--if not already.

    Yeah, I realise this is not a skill most infosec people have and I will be straight with them, but if there's training around it then heh!
  • JDMurray Admin Posts: 13,091 Admin
    Hiring managers prefer to hire people that already know their stuff and do not require (much) training. These hires are more effective in an organization much more quickly, and they save the manager having to spend his/her training budget. Also, in an interview, don't bring up what the org can do for you, but instead what you can do for the org. You are being hired as an instrument to solve the manager's problems and not as a needy, charity case.