Director, Data Protection

About The Position

Requirements

• Minimum of 10 years of related experience
• Bachelor's degree preferred and/or equivalent experience
• Experience owning enterprise‑scale data protection capabilities.
• Proven success leading multi‑platform DLP, classification, and encryption programs.
• Demonstrated ability to translate regulatory and policy requirements into precise, enforceable technical controls.
• Experience accountable for outcomes, not just strategy or advisory input.
• Experience operating in highly regulated environments (financial services strongly preferred).

Responsibilities

• Design, deployment, and lifecycle management of DTCC’s data protection capabilities, including DLP, classification and labeling, CASB, DSPM, AI proxy controls, and related technical solutions
• Own and operate DTCC’s data protection control framework across: Email and collaboration platforms, Endpoint and web egress, Cloud and SaaS services, AI and emerging data channels
• Ensure consistent enforcement of classification, DLP, and encryption intent across all control points.
• Work with Data Protection operations and content engineering to support tuning, and automation to ensure consistent protection across email, endpoints, collaboration tools, web, cloud, SaaS, and data platforms.
• Ensure control design aligns with DTCC’s data‑centric, context‑driven security principles and minimizes unnecessary business friction.
• Provide executive‑level technical leadership and direction for Data Protection solutions including (not limited to) Purview, Zscaler, Symantec and other DLP tools.
• Drive DTCC’s enterprise classification and labeling strategy, including: Taxonomy governance, SIT / classifier standards, Label inheritance and lifecycle
• Lead the transition from pattern‑only DLP to context‑ and label‑driven enforcement
• Ensure data protection controls meet regulatory, audit, and risk management expectations for client, regulated, and confidential data.
• Maintain clear, auditable evidence of control effectiveness through metrics, reporting, and documentation.
• Support internal audits, regulatory reviews, and management reporting related to data protection risk and control posture.
• Provide technical data protection advisory to technology and business teams for new initiatives, system changes, cloud migrations, AI use cases, and third‑party engagements.
• Ensure appropriate controls (e.g., encryption, masking, tokenization, access restrictions) are embedded before go‑live.
• Serve as a trusted advisor who enables the business to use data confidently and securely.

Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.