Data Security Analyst

Job Family Group: Information Technology

Career Band Level: P3

Job Family: IT Security

Job Summary:

The Data Security Analyst will setup and run the data protection strategy. Must be able to analyze and understand how the different data security technologies come together to provide a holistic data protection program. Responsible for information security-related operational tools, techniques, policies and standards. Demonstrates strong personal skills and business acumen.

Accountabilities & Responsibilities:

• This resource will be working hand in hand with Security Engineering team and the Governance, Risk, and Compliance (GRC) team to build a data protection program from the ground up.
• Experience with performing gaps analysis on existing system and processes.
• Experience with data security and analysis of flow of data through the information life cycle.
• Will work very closely with the company's Technology Services team and the various business units on data discovery, performing gap analysis of existing access, and data security controls.
• Help devise & recommend data security strategy, roadmap & program-related items, based on results of gap analysis
• Collaborates with GRC team on the implementation & maturation of security controls against industry-recognized security frameworks & standards such as NIST CSF and NIST 800-53
• Must be able to analyze and understand how the different data security technologies come together to provide a holistic data protection program.
• Must be able to do auditing and analysis activities from a strategic point of view.
• Updates leadership on current data security risks as it pertains to enterprise sensitive data
• Ability to identify access & data security gaps throughout the Information Lifecycle & recommend techniques & tools to improve data security & prevent data loss
• Assess & recommend enhanced logging & monitoring capabilities to better track/monitor the usage of sensitive data as it lives & moves throughout structured & unstructured repositories
• Familiarity with encryption, cloud security, data warehouse/data lake security and access controls - highly desirable.
• Performs other duties as required.

Education & Experience:

• Minimum Education: Bachelor’s Degree in Computer Science, or equivalent (6+ years) work experience.
• Minimum Experience: 4+ years of experience with IT Security; Experience in a publicly held IT organization preferred
• Requirement to speak, read and write in English with a minimum of 85% proficiency

Knowledge & Skills:

Special Skills:

• Familiarity with various security tools such as Data Leakage Protection (DLP) and Digital Rights Management (DRM).
• Effective business consulting skills including the ability to establish rapport with the business.
• Superior organizational and communication skills.
• Highly proficient oral and written communication capabilities as well as executive presentation abilities.
• Proficient with MS Office Tools
• Ability to be very organized and detail oriented

Specialized Knowledge:

• CISSP or similar security certification recommended - In addition, CISSP-ISSEP, CISA, CRISC, and ITIL ITSM Foundation is desirable.
• Solid knowledge of Sarbanes Oxley compliance, corporate security and network policies and procedures.
• Working knowledge security framework models such as NIST CSF, NIST 800-53, ISO 27000 series, COBIT, etc.

Other:

• Displays the highest standard of integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to undergo vetting and/or personality assessments to verify, if necessary.
• Travel 0-15% of time depending on business needs.