CDPSE Job Practice Details

Domain 1: Privacy Governance (34%)

(Governance, Management and Risk Management)

  • Identify the internal and external privacy requirements specific to the organization's governance and risk management programs and practices.
  • Participate in the evaluation of privacy policies, programs, and policies for their alignment with legal requirements, regulatory requirements, and/or industry best practices.
  • Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments.
  • Participate in the development of procedures that align with privacy policies and business needs.
  • Implement procedures that align with privacy policies.
  • Participate in the management and evaluation of contracts, service levels, and practices of vendors and other external parties.
  • Participate in the privacy incident management process.
  • Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
  • Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development, and implementation of systems, applications, and infrastructure.
  • Develop and/or implement a prioritization process for privacy practices.
  • Develop, monitor, and/or report performance metrics and trends related to privacy practices.
  • Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
  • Participate in privacy training and promote awareness of privacy practices.
  • Identify issues requiring remediation and opportunities for process improvement.

Domain 2: Privacy Architecture (36%)

(Infrastructure, Applications/Software and Technical Privacy Controls)

  • Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments to identify appropriate tracking technologies and technical privacy controls.
  • Participate in the development of privacy control procedures that align with privacy policies and business needs.
  • Implement procedures related to privacy architecture that align with privacy policies.
  • Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
  • Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development, and implementation of systems, applications, and infrastructure.
  • Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and considerations.
  • Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
  • Identify, validate, and/or implement appropriate privacy and security controls according to data classification procedures.

Domain 3: Data Lifecycle (30%)

(Data Purpose and Data Persistence)

  • Identify the internal and external privacy requirements relating to the organization's data lifecycle practices.
  • Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments relating to the organization’s data lifecycle practices.
  • Participate in the development of data lifecycle procedures that align with privacy policies and business needs.
  • Implement procedures related to data lifecycle that align with privacy policies.
  • Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development, and implementation of systems, applications, and infrastructure.
  • Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and data lifecycle considerations.
  • Identify, validate, and/or implement appropriate privacy and security controls according to data classification procedures.
  • Design, implement, and/or monitor processes and procedures to keep the inventory and dataflow records current.