We are hiring a data security analyst who is an expert in data and system security and have a good understanding of GDPR.
Responsibilities include:
Lead the enterprise data engineering security development practices to ensure that information protection requirements and associated security controls are integrated into the platform
Recommend the appropriate technology patterns to ensure Data Engineering's compliance and conformance across all data security and privacy category standards
Architect and implement workflows for data access and baseline activity logging and monitoring services.
Establish and maintain specification policies to drive data masking, anonymization, encryption, and de-identification mechanisms within applicable environments
Lead the design & build of specifications/guidelines to set up test data sets with appropriate scrambling and encryption.
In alignment with GDPR, manage and operationalize the appropriate process and technology to be in alignment with companies’ data retention and disposal policies, procedures
Facilitate risk escalation, exception processes, and development of remediation plans when security standard alignment is not possible
Provide continual education to the Data Engineering organization on company and industry leading security and privacy practices
Execute and review regular scanning of existing databases, file shares, SharePoint sites and other data repositories for sensitive data.
Document findings; engage stakeholders and risk management partners on acceptable remediation approaches; and track repeat offenders over time.
Administer assigned security systems, in accordance with appropriate policies, SLAs, and directions from leadership.
Vet and fulfill requests for exceptions to security policies/standards related to protecting data at rest on premises or in the cloud.
Extensive Knowledge of data security standard methodologies for structured and unstructured data repositories
Hands-on experience with data protection technologies (i.e. data loss prevention, encryption, data-masking, rights management, and database activity monitoring).
An understanding of the business requirements process used to effectively identify and apply security controls.
Experience designing and implementing security solutions for data-oriented platforms. This includes the implementation of encryption, redaction, masking or anonymization schemes
Strong knowledge and understanding of current business continuity and disaster recovery planning techniques and technologies, as well as the methods used in performing risk analyses and business impact analyses
Extensive experience in working with data-intensive applications and infrastructures
Solid understanding of data governance and data life cycle management practices.
Risk Certifications a plus (CISSP, CRISC, other Risk Management certifications)