Enterprise Data Security Operations Analyst
Join Information Technology as an Enterprise Data Security Operations Analyst! As an Enterprise Data Security Operations Lead, your primary responsibility will be to operationalize and or execute the organization's data security measures. You will be responsible for maintaining effective data security strategies and controls to protect sensitive and confidential information from unauthorized access, disclosure, alteration, or destruction. You will work closely with cross-functional teams, including IT, legal, compliance, and business units, to ensure data security practices align with organizational goals and industry best practices. You will be dealing with various enterprise data domains teams from security point of view and here are few examples of Enterprise Domains of a Manufacturing firm - Master data domains (Customer, Supplier, Product, Material, Person etc.) and Other Domains (Demand, Supply, Inventory, Pricing, Finance etc..)
Main responsibilities of this role will include the following:
- Execute data security policies and procedures: Enforce data security policies, standards, and guidelines to safeguard data throughout its lifecycle.
- Risk assessment and mitigation: Identify potential data security risks and vulnerabilities, conduct risk assessments, and develop plans to mitigate and manage these risks effectively.
- Data classification and access control: Execute data classification framework and access control mechanisms to ensure appropriate levels of data protection based on sensitivity and user roles. Incident response and management: Develop and maintain an incident response plan to promptly respond to and manage data security incidents, including data breaches, unauthorized access, or data loss.
- Security awareness and training: Promote data security awareness across the organization through training programs, communication campaigns, and regular education sessions to foster a culture of security-conscious employees.
- Compliance and regulatory requirements: Stay updated with relevant data security laws, regulations, and industry standards and ensure the organization's data security practices align with legal and regulatory requirements.
- Data privacy and data protection: Collaborate with the privacy team to ensure compliance with data privacy regulations, such as GDPR or CCPA, and implement appropriate technical and organizational measures to protect personal data.
- Vendor and third-party risk management: Assess and manage data security risks associated with third-party vendors and partners, including conducting due diligence and monitoring compliance with security requirements.
- Incident monitoring and threat intelligence: Operationalize and or Execute monitoring tools and techniques to detect and respond to potential data security incidents promptly.
- Establish the Data Security Operations Forum framework, intake process, review cadence etc.
- Central point of contact for data security to coordinate between business, various stakeholders and internal IT Data groups.
- Accountable to drive the actions closure within the security forum and bring required items to Enterprise Data Council for review or approval or conflict resolutions.
- Advocate stakeholders across various organizations to apply established data governance framework including, data stewardship, metadata management, and data access controls.
- Champion the interdomain dependencies and create a stronger network among various domains.
- Represent the Enterprise Data Management group in corporate programs or data councils and become voice of Data Security Area.
- Simplification of the existing or legacy going to be a major responsibility of this role while establishing foundations for future efforts.
- Ensure issue management processes are in place to capture and resolve data issues in a timely manner.
The ideal candidate should have the following behavioral skills:
- Excellent analytical and problem-solving skills.
- Effective communication and collaboration skills to work with cross-functional teams.
- Strong leadership skills and the willingness to drive change and influence stakeholders.
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
The candidate must have a Bachelor's Degree in Computer Engineering, Computer Science or Information Security and 4+ years of experience -OR- a Master's Degree in Computer Engineering, Computer Science and Information Security and 3+ years of experience in Computer Science and Information Security, and 2+ years of experience in:
Data security, information security, or related roles, preferably in a Lead role capacity
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Privacy Professional (CIPP)
Best practices, and industry standards Data protection laws and regulations, such as GDPR, CCPA, or HIPAA Network and system security technologies, including firewalls, intrusion detection systems, encryption, and authentication protocols Security assessment tools and methodologies.
DAMA certification preferred