Senior Data Protection Governance Analyst

About The Position

Requirements

• 5–8+ years of experience in cybersecurity governance, technology risk, compliance, audit support, or data protection programs within a regulated environment.
• Bachelor’s degree preferred or equivalent practical experience.
• Demonstrates a strong commitment to integrity, transparency, and accountability in all aspects of work.
• Proven ability to understand, govern, and effectively challenge technical security controls without serving in a direct hands‑on engineering capacity.
• Strong analytical, documentation, and executive‑level communication skills, with the ability to distill complex technical concepts into clear, decision‑ready narratives.
• Experienced in engaging with Internal Audit, second‑line risk functions, and/or regulatory stakeholders.
• Maintains current knowledge of data protection, security governance, and evolving risk and regulatory expectations.
• Builds and sustains trusted partnerships across engineering, risk, compliance, and governance teams.
• Communicates clearly and confidently with both technical and non‑technical stakeholders.
• Contributes to a collaborative, high‑trust working environment that encourages openness and shared responsibility.

Responsibilities

• Own day‑to‑day governance activities for the Data Protection Program, ensuring alignment with DTCC control standards, regulatory expectations, and enterprise risk frameworks.
• Maintain authoritative program artifacts, including: Control inventories and control mappings, Operating procedures and governance documentation, Centralized repositories for evidence and program records.
• Manage policy review cycles, control attestations, and exception tracking related to data protection obligations.
• Develop, maintain, and govern standard operating procedures (SOPs) and runbooks supporting data protection activities, including: Alert triage and escalation, Exception handling and approvals, Remediation tracking and validation.
• Ensure procedures are current, consistently applied, and aligned with how controls operate in production. Coordinate updates following control changes, incidents, or audit findings.
• Own centralized tracking of data protection exceptions, issues, and management actions arising from: Operational constraints, Business requests, Audit or regulatory findings.
• Manage exception intake, documentation, approvals, and periodic review to ensure items remain time‑bound and risk‑appropriate.
• Validate remediation actions with Engineering and Operations teams and track issues through closure.
• Serve as a primary first‑line coordinator for data protection‑related audits and reviews.
• Develop and maintain audit‑ready evidence packs, including: Control design descriptions, Operating procedures, Metrics and effectiveness evidence, Exception and remediation records.
• Ensure evidence is complete, consistent, version‑controlled, and defensible.
• Own production of operational, management‑level, and executive‑level reporting on data protection effectiveness and risk posture.
• Translate technical control signals (e.g., detections, coverage, exceptions) into clear, decision‑useful risk narratives.
• Ensure metrics are consistent, repeatable, and aligned to enterprise data risk reporting standards.
• Serve as a first‑line point of contact for Internal Audit, second‑line Risk, and regulatory examinations related to data protection.
• Coordinate collection, validation, and presentation of audit‑quality evidence.
• Track audit issues, management actions, and remediation commitments through to closure.
• Act as a governance liaison across: Data Protection Engineering & Operations (first line), Data Risk Management and Technology Risk (second line), Privacy, Legal, and Cyber Governance teams.
• Ensure alignment between technical protection outcomes and broader enterprise data risk narratives.
• Identify opportunities to strengthen governance processes, reporting quality, and evidence consistency.
• Support scaling of governance as new capabilities are introduced (e.g., expanded DSPM coverage, AI data controls).
• Contribute to improving regulator and auditor understanding of modern, data‑centric protection models.
• Maintain a strong working understanding of: Data Loss Prevention (DLP) across email, endpoint, web, SaaS, and AI environments, Data classification and labeling models, Data Security Posture Management (DSPM), CASB and AI proxy enforcement patterns.
• Partner with Engineering and Operations teams to: Understand control intent, dependencies, and limitations, Validate that reporting reflects real‑world control behavior, Identify gaps between control design, deployment, and outcomes.

Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.