Data Protection Analyst

Role & responsibilities:

1. Develops and maintains the Cyber Security data protection and privacy technical architecture to safeguard data, personnel, products and solutions that meet business requirements. Recommends guiding principles and technical standards that foster technological development.

a. Collaborates with IT and business units to understand the requirements for security of data (stability, availability, integrity, privacy, etc.).

b. Maintains architecture diagrams for both current and future states.

c. Builds security controls that transition from current to future states.

d. Stays abreast of technology innovations relating to data protection to ensure decisions align with industry best practices.

2. The Data Protection Analyst will manage our Microsoft Purview Configurations and any other tools that contribute to data security. In addition, will assist in monitoring and assessing security to maintain governance, risk and compliance requirements through technical audits, risk assessments and issue management to maintain a compliant, audit ready posture. This role may also support the Enterprise Architecture team and Project Management Office to deliver technical security advisory services.

a. Configure data classification controls and standards for the environment.

b. Define data loss prevention controls and standards to protect our most sensitive data.

c. Collaborate with Insider Risk team to identify and remediate risks.

d. Identifies security and compliance requirements that align with standards, policies, technical controls, and architecture principles. Reviews risk assessments completed as part of the project lifecycle.

3. Performs security impact assessments to determine the enterprise's specific security, AI and privacy related risks.

a. Performs risk assessment to ensure appropriate security during the introduction of modern technologies. Review and approve the findings and recommendations of risk assessments.

b. Conducts audits and monitors issues to provide assurance reporting of how complying with policies, industry and regulatory standards, and requirements to ensure the internal control framework is compliant and audit ready.

c. Conducts security due diligence of third parties (vendor, suppliers and partners) based on risk model including security contract language, and logical, physical, and administrative controls.