Director, Data Protection

Guild Mortgage,
$144,001 - $210,601Onsite

About The Position

The Director of Data Protection is a strategic leadership role responsible for establishing and overseeing the organization’s data protection program. This includes protecting sensitive data across on-premises and cloud environments, ensuring regulatory compliance, and minimizing risk related to data loss, exposure, and misuse. This role partners closely with Security Engineering, Security Operations, Legal, Privacy, IT, and business leaders to implement scalable data protection controls aligned with frameworks such as NIST CSF, CIS Critical Security Controls, and SOC 2.

Requirements

  • Bachelor's Degree directly related to the position or equivalent, required.
  • Minimum 10 years' experience.
  • Minimum five years supervisory or leadership experience.
  • Excellent interpersonal communication skills required.
  • Excellent verbal and written communication skills required.
  • Highly organized and detail-oriented; ability to work in a fast-paced, metrics-driven environment required.
  • Proficiency in Microsoft Office Suite, Word, Excel, Wiki, collaborative cloud-based programs, and third-party software applications required.
  • Commitment to company values.
  • Customer Service - Proactive attention to each person.
  • Integrity - Do and say what's right.
  • Respect - Treat others with dignity.
  • Collaboration - Listen and work together.
  • Learning - Seek knowledge and strive for improvement.
  • Excellence – Deliver the unexpected.

Responsibilities

  • Act as the primary liaison between Information Security and business units for data protection initiatives.
  • Translate technical controls and data risk findings into business-relevant impact, including financial, regulatory, and operational implications.
  • Partner with business leaders to identify critical data assets, define classification requirements, and align protection strategies to business objectives.
  • Provide clear guidance to business stakeholders on secure data handling, sharing, and retention practices.
  • Lead awareness and training initiatives focused on reducing data handling risks (e.g., improper sharing, shadow IT, SaaS sprawl).
  • Collaborate with product, sales, and operations teams to ensure data protection requirements are embedded into business processes and customer solutions.
  • Present data protection posture, risks, and remediation strategies to executive leadership, risk committees, and non-technical audiences.
  • Establish feedback loops with business units to continuously improve usability and adoption of data protection controls.
  • Define and execute the enterprise data protection strategy, roadmap, and operating model.
  • Establish policies, standards, and procedures for data classification, handling, retention, and destruction.
  • Align data protection initiatives with NIST, CIS, SOC 2, and regulatory requirements (e.g., GLBA, CCPA, GDPR where applicable).
  • Lead the development of a data protection governance framework, including metrics and reporting for executives and risk committees.
  • Oversee deployment and management of: Data Loss Prevention (DLP) solutions (endpoint, network, cloud/SaaS), Data Security Posture Management (DSPM) and data discovery/classification tools, Encryption strategies (data at rest, in transit, and key management), Tokenization, masking, and anonymization technologies.
  • Ensure visibility and protection of sensitive data across: M365 (SharePoint, OneDrive, Exchange), Cloud platforms (Azure, AWS), SaaS platforms (Salesforce, Snowflake, etc.).
  • Define and enforce secure data lifecycle management practices.
  • Identify and assess data-related risks, including shadow data stores and unauthorized data movement.
  • Partner with Legal/Compliance to ensure adherence to privacy laws and contractual obligations.
  • Support audits and certifications (SOC 2, internal audits, regulatory exams).
  • Develop risk acceptance, mitigation, and exception processes for data-related issues.
  • Establish monitoring capabilities to detect data exfiltration, misuse, and anomalous access patterns.
  • Partner with Security Operations to integrate data protection alerts into SIEM/SOAR workflows.
  • Lead response efforts for data-related incidents, including breach investigations and reporting.
  • Provide guidance to business units on secure data handling practices.
  • Develop and maintain data protection KPIs and scorecards for executive leadership.
  • Report on program maturity, risk posture, and control effectiveness.
  • Build and lead a high-performing data protection team.
  • Drive a culture of continuous improvement, accountability, and security awareness.
  • Mentor team members and promote cross-training and career development.

Benefits

  • medical
  • dental
  • vision
  • life insurance
  • AD&D
  • LTD
  • 401(k) with employer match
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service