Job Description
Department Summary:
The position partners closely with cybersecurity teams, business units, privacy, legal, compliance, audit, and technology organizations to identify, assess, monitor, and reduce data-related risks across cloud, SaaS, endpoint, collaboration, and on-premises environments while enabling business objectives and regulatory compliance. The position also will be critical to review and update our Security posture from a Data Security and Data Loss Prevention as we expand our AI build and capabilities.
The Information Security Specialist II – Data Security (DSPM & Data Loss Prevention) serves as a senior subject matter expert responsible for the design, implementation, governance, and continuous improvement of the enterprise Data Security Program. This role provides strategic and technical leadership for Data Security Posture Management (DSPM), Data Loss Prevention (DLP), Data Classification, Information and Data Protection, Insider Risk Monitoring, and Sensitive Data and AI governance initiatives.
Required Experience:
Experience administering or supporting Data Loss Prevention (DLP), Data Security Posture Management (DSPM), Data Classification, or Information Protection programs.
Experience conducting risk assessments, investigations, compliance reviews, and security consulting activities.
Strong understanding of cloud technologies, information lifecycle management, and data protection principles.
Preferred Experience:
Microsoft Purview Information Protection and DLP
Cyera DSPM or equivalent DSPM technologies
Broadcom/Symantec Endpoint DLP
Proofpoint DLP
Zscaler DLP
Data Classification and Labeling Solutions
Insider Risk Management
Cloud Security and SaaS Security
Healthcare data protection and regulatory compliance
Other Preferred Certifications
CISM
HCISPP
CDPSE
CCSK
GIAC Information Security Certifications
Microsoft Security Certifications
Oversee planning, execution and management of multi-faceted projects/programs for multiple functional areas across the enterprise related to risk management, compliance, control assurance, and infrastructure/information asset protection. Develop and drive security strategies, policies/standards, ensuring the effectiveness of solutions for critical and/or highly complex projects, and providing security-consultative services to the organization.
- Provide strategic and tactical direction and consultation on information security and compliance.
- Participate in security planning and analyst activities. Work in combination with IT Delivery Lead/Manager to ensure security is engaged in projects.
- Act as primary support contact for the development of secure applications and processes. Provide objective evaluations of security controls, mechanisms and goals in comparison to best practices. Develop, refine and implement enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities. Ensure policies, procedures, standards and system configurations are documented and tracked. Monitor the legal and regulatory environment for development. Recommend, manage, and implement required changes to information security policies and procedures. Monitor compliance with security policies, standards, guidelines and procedures.
- Develop processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting and escalation.
- Ensure security compliance with legal and regulatory standards. Engage directly with the business to gather a full understanding of project scope and business requirements.. Provide security-related guidance on business process. Work closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.
- Work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. Participate in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and tolerance.). Capture, maintain, and monitor information security risk in one repository. Serve as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk program.
- Assess threats and vulnerabilities regarding information assets and recommend the appropriate information security controls and measures. Develop and implement strategies to align information security with business objectives and goals, protecting the integrity, confidentiality and availability of data.
- Assist/perform in security assessments and performs security attestations. Participate in security investigations and compliance reviews as requested. Consult with clients on security violations. Act as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented. Ensure coordination of all IT internal and external assessment components.
- Define security configuration and operations standards for security system and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems. Define and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment. Identify and coordinate resolution of information security recovery issues.
- Lead and review application security risk assessments for new or updated internal or third party applications. Maintain contact with vendors regarding security system updates and technical support of security products. Assist in cost-benefit and risk analysis. Security trend and provide recommendations.
- Drive IT changes to ensure effective risk based implementations, awareness and accountability. Evaluate the effectiveness of awareness and training programs and makes recommendations for improvement. Conduct knowledge transfer training sessions to security operations team upon technology implementation.
" Qualifications"
- Bachelor’s degree in related field preferred.
- Seven (7) years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, and systems administration.
- Five (5) years of experience designing and deploying security solutions at the enterprise level required.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Management (CISM) certifications required.
- Knowledge and familiarity with security frameworks (e.g. HITRUST) preferred.
- In-depth knowledge of security issues, techniques and implications across all existing computer platforms required.
- Strong analytical, problem solving, and consulting skills with knowledge of Information Security and related technologies.
- Knowledge of approaches, tools, and techniques for recognizing, anticipating, and resolving problems; ability to apply this knowledge to diverse situations.
- Experience designing and implementing security solutions.
- A high proficiency level in specific job related skills is required; accuracy and attention to detail skills.
- Written and verbal communication skills.
- Other related skills and/or abilities may be required to perform this job.
All qualified applicants will receive consideration for employment without regard to, among other grounds, race, color, religion, sex, national origin, sexual orientation, age, gender identity, protected veteran status or status as an individual with a disability.