Data Protection Leader

About The Position

Requirements

• Experience: 5–8+ years in data protection across at least two domains (Information Protection, DLP, Insider Risk, eDiscovery/Records, DSPM) with enterprise delivery experience.
• Education: Bachelor’s in Computer Science, Information Security, or related field (or equivalent experience). Master’s/MBA preferred.
• Technical Expertise: Deep knowledge of Microsoft Purview, Varonis or Proofpoint. Strong knowledge of regulatory requirements and auditor expectations in sectors such as financial services, healthcare, and public sector. Familiarity with scripting/automation (PowerShell, Python, APIs, Logic Apps, Graph API).
• Solution Design & Implementation: Proven ability to craft secure, scalable architectures and trade-off analyses. Hands-on guidance of build teams implementing Purview labels/DLP, Varonis permissions cleanup, Proofpoint DLP/ITM, and DSPM integrations.
• Problem-Solving & Communication: Structured thinking and clear written/verbal communication from technical to executive levels; workshop facilitation and executive-ready materials.
• Availability for periodic client travel and professional engagements.
• Commitment to ongoing education and staying current on data protection trends (e.g., AI governance, DSPM, Zero Trust data).

Nice To Haves

• Certifications (preferred): Microsoft SC-400, SC-200, SC-100; CISSP, CCSP, CIPP; vendor certifications for Varonis or Proofpoint.

Responsibilities

• Solution Design: Define target-state data protection architectures across labeling/encryption, DLP policies, insider risk models, eDiscovery workflows, records retention, and DSPM patterns. Ensure solutions are scalable, repeatable, and aligned to regulatory and Zero Trust data principles.
• Client Engagement: Facilitate assessments and architecture workshops; advise executives on regulatory and risk implications; recommend operating model changes for compliance and monitoring.
• Implementation: Guide conversion of architecture into secure designs and implementation plans; collaborate with Technical Specialists on configuration, policies, and automation (e.g., Purview policies, Varonis remediation, Proofpoint rules).
• Compliance & Risk Management: Align solutions to frameworks (NIST, ISO 27001, HIPAA/HITRUST, PCI DSS, SOX, FedRAMP, GDPR/CCPA). Define controls for data classification, retention, exfiltration, insider misuse, and auditability.
• Technical Leadership: Act as design authority; lead design reviews, threat modeling, and establish non-functional requirements (availability, DR, performance).
• Documentation & Reporting: Produce architecture diagrams, decision records, requirements, test/acceptance criteria, and runbooks. Provide status and outcome reporting.
• Continuous Improvement: Conduct post-implementation reviews; tune DLP/IRM/eDiscovery policies; codify reusable modules and playbooks.
• Practice Development: Support pursuits (SOW scoping, demos/POCs, pricing inputs) and represent the practice externally.