Data Protection Engineer III

About The Position

Requirements

• Bachelor's degree in a related field- (Information Security/ IT)
• Typically requires 4 years’ experience in security systems administration, to include 2+ years’ technical hands-on data protection practitioner experience.
• Experience with administering directory services, databases, role-based access, DLP, data classification and governance solutions.
• Experience with Information Protection and develop and enhance insider threat and information protection policies.
• Experience with regulatory requirements and laws, such as Sarbanes-Oxley Act (SOX), GDPR & CMMC.
• Experience in one or more of the following is required: ISO 2700x, ITIL, NIST Cybersecurity Framework (CSF).
• This position requires you to have or obtain a government security clearance. Security clearances may only be granted to U.S. citizens.
• This position requires you to access information that is subject to U.S. export regulations. You may only access such information if you are a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. government.

Nice To Haves

• Active U.S. Secret Clearance.
• Some basic experience with one or more scripting languages (e.g., Python, PowerShell and Bash).

Responsibilities

• Serve on a distributed security and technology team responsible for establishing and maintaining data protection technical controls.
• Align data protection policies and procedures with the corporate governance structure.
• Develop, refine, and produce clear metrics and insights on data protection, risk trends, and control effectiveness
• Work closely with security leadership, teammates and stakeholders to evaluate and implement data protection controls that align with organizational risk posture and compliance requirements.
• Support and maintain a wide range of data protection technologies, including but not limited to DLP, CASB, behavioral analytics, insider threat, data classification, data governance and encryption.
• Secure and monitor data on-premises, in cloud infrastructure and within applications required to support a dispersed remote workforce.
• Manage and test business rules protecting data, as well as the use and handling of data assets.
• Conduct data discovery to locate data at risk, as well as validate existing data storage has not been altered.
• Document data protection policies and exceptions, and periodically review with business units.
• Make recommendations for improvements to ensure least privilege to data and rigorous security practices, without negatively impacting end-user experience or leading to employees attempting to circumvent controls.
• Execute tactical requests supporting the strategic vision for rigorous and scalable data protection controls.
• Maintain understanding of business processes to aid in managing enterprise data protection.
• Frequently interact with business units to understand their plans, risk posture and tolerance, and how to share responsibility and support their vision and business obligations securely.
• Implement data protection projects from inception to completion on time and within budget.
• Openly support the organization, the management team and executive leadership team, even during times of adversity.
• Analyze systems and data sources for accidental, malicious and unauthorized activities.
• Develop relationships with engineering, IT, incident response, SOC and software engineering team members.
• Openly support the organization, management and executive leadership, even during times of adversity.
• Perform other duties as assigned.

Benefits

• lifelong learning
• comprehensive skills training
• tuition reimbursement