Essential Duties & Responsibilities:
Performs a combination of duties in accordance with departmental guidelines:
Leads the development of data security strategies and designs data security architecture for company’s IT systems that aligns with our Secure Data Strategy, embedding security into the overall approach and vision for data across the enterprise.
Participates in the creation, update and review of corporate security policies and technology standards for data security.
Creates and maintains the information security technology standards to align with corporate data security policies and standards.
Develops and maintains data security solution and technology roadmaps for structured and unstructured data discovery, classification, protection and data rights management on premise and in the Cloud.
Develops, maintains and governs the reusable data security framework and design patterns.
Develops the enterprise security solutions that deliver Secure Data Analytics, collecting and analyzing business and event data to drive security value and enabling the utilization of data as a business asset.
In collaboration with Information Security and Legal, designs solutions and processes to resolve current and potential legal and regulatory issues affecting information security and assesses their impact on company’s security and technology teams.
Contributes to general enterprise architecture framework and strategy development and enhancements.
Key Qualifications, Experience and Knowledge
Bachelor’s Degree with Master’s preferred in Computer Science, Computer Engineering, or related discipline, or equivalent.
A minimum of 7 years of experience in Information Technology, a minimum of 5 years in information security and a minimum of 3 years in data security, preferably with recent data and Cloud technology experience.
Security Architecture: designing and implementing data security solutions involving data encryption and tokenization.
Data discovery and classification: asset and data discovery, classification, rights management and labeling technologies.
Data Protection: assessing or building programs related to data encryption (FPE), tokenization, masking, and key management.
Data encryption and key management solutions within Cloud environments (e.g., AWS, Azure, GCP).
Data Security Vendor Selection and Management: hands-on evaluation of vendors, product capabilities, and solutions focusing on Data Encryption, Data Loss Prevention, Data Rights Management, Data Classification, and Data Privacy.
Expert level knowledge of data security concepts and relevant future technology trends.
Strong knowledge of data loss prevention concepts and technologies.
Expert knowledge of traditional and modern Cloud data solutions, including Cloud Access Security Brokers (CASB).
Strong knowledge of privacy/data standards and regulations across local, domestic, and global jurisdictions (e.g., State Level Data Protection, ISO, GAPP, NIST 800-53, HIPAA, HITRUST, Privacy by Design, GDPR, EU Data Protection Directives, CCPA, APEC Privacy Framework).
Ability to interface with senior leaders across the enterprise to collaborate on, contribute to and influence concepts, architectures, plans, and the execution therein.
Strong knowledge of information security audit, compliance and risk management, and experience developing security and technology standards.
General knowledge and experience in related security domains such as application security, identity and access management, and security operations services.
General Skills, Personal Attributes and Certifications
Strong communication skills with diverse audiences and demonstrated ability to explain technical topics to those without a technical background.
Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple organizations.
Senior-level knowledge and experience of general enterprise architecture framework, best practices and methodologies.
Excellent project management skills with ability to organize, prioritize, and plan effectively to meet project goals.
Highly pragmatic and adaptable in approach, with a strong ability to balance a company’s risk tolerance with desired business outcomes.
Knowledge of the insurance industry, its products and services is preferred but not required.
Prefer one or more security certifications: CISSP, CISM, ISSAP and/or ISSEP.