Manager, Data Protection & Information Security Efficacy

About The Position

Requirements

• 8+ years of experience in information security, including experience in data loss protection, insider risk management, information security metrics and simulations.
• Experience with Data Protection platforms BigID and Purview.
• Experienced in building Power BI dashboards, integrating data through API connections, and developing automation workflows to streamline reporting and operational processes.
• Excellent communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical stakeholders, both verbally and written.
• Strong understanding of cybersecurity frameworks and best practices.
• Convey a can-do approach, even in the face of obstacles and constraints, by assessing what is in front of you and effectively and efficiently optimizing what you have, whether it is working on something new or thinking about how to do something better.
• Demonstrate teamwork and communication skills through knowledge sharing, collaboration, and relationship-building.
• Exhibit the capacity to actively learn and apply specific domain knowledge and best practices to continually enhance and improve.
• Bachelor’s degree in computer science, Information Security, or a related field.

Nice To Haves

• Experience with cloud security (e.g., AWS, Azure, Google Cloud) is desirable.
• Certifications such as CISSP, CISM, CISA, or similar are highly desirable.

Responsibilities

• Configure, operate, and maintain DSPM and data protection technology platform, including classifiers, policies, correlation logic, and enforcement controls—to ensure consistent alignment with the enterprise information protection strategy.
• Partner with business and IT teams to identify vital and sensitive company data and implement the appropriate protection controls.
• Monitor and respond to alerts or reports of potential information or data exposure, coordinating with SOC and IT teams as needed to ensure timely analysis and response.
• Perform root cause analysis for identified threats or exposure events and drive corrective actions to prevent recurrence.
• Maintain, refine, and enhance information protection rulesets in collaboration with information security, business stakeholders, and IT teams, supporting the identification, remediation, or mitigation of data protection gaps.
• Responsible for collection, analysis, and reporting of key performance indicators (KPIs) and key risk indicators (KRIs) across all information security program domains to measure control effectiveness and overall program maturity.
• Develop and maintain near–real‑time dashboards that provide transparency into program performance, risk trends, and operational metrics for stakeholders and leadership.
• Conduct periodic benchmarking of the information security program by coordinating with BISO, Information Security, IT, and other stakeholders to evaluate progress against internal targets and industry standards.
• Partner with IS and IT teams to execute the organization’s annual strategy and roadmap for adversary simulations and internal and external penetration testing across network, web applications, and critical systems.
• Support with overseeing third party selection, planning and execution of internal and external testing activities, ensuring alignment with approved methodologies and rules of engagement.
• Evaluate and synthesize test results to identify systemic risks, control weaknesses, and emerging patterns.
• Partner with security, IT, and business stakeholders to ensure remediation actions are prioritized, tracked, and validated.
• Prepare input and summaries for executive‑level reporting on testing outcomes, risk posture, and improvements to strengthen overall security resilience.
• Support the BISO in the development and delivery of organization-wide information security training content.
• Establish and publish technical security guidance in coordination with information security colleagues.
• Participate in the design and assessment of phishing simulation campaigns to assess employee awareness through the company’s phishing delivery platform.

Benefits

• Comprehensive medical, dental, vision, prescription drug coverage
• company provided basic life, accidental death & dismemberment, short-term and long-term disability insurance
• tuition reimbursement
• student loan assistance
• a generous 401(k) match
• flexible time off
• paid holidays
• paid leave programs