Sr Manager, Data Protection Engineering

Responsibilities/Requirements:

• Develops and administers the solutions that meet system expectations relative to scalability, performance, fault tolerance, usability, and data integrity.
• Delivers solutions that meet end user expectations relative to performance, usability and security for the Information Security Engineering and Support function.
• Job focus is on managing others and applying strategic leadership and operational management skills. Management responsibilities and decisions likely include hiring, performance reviews, pay decisions and development.
• Achieves goals mostly through work of others. Manages professional staff and/or supervisors/ team leads. Accountable for the performance and results of a team within own area of specialty.
• Adapts departmental strategies, plans, and priorities to address resource and operational challenges. Decisions and problem solving are guided by well documented and approved policies, requirements, processes, procedures, and department plan; receives strategic direction and guidance from the Global head of Data Protection. Provides guidance to partners, colleagues and/or clients.
• Primary candidate has techno-functional knowledge and experience in Information Security domain involving undertakings and projects focusing on data security activities. This includes prior contributions to the strategic direction of data security programs, working knowledge of, and experience with the development and enterprise-wide implementation of end-to-end processes, as well as data security best practices.
• Identifies and solves strategic, technical and operational problems; understands and recognizes broader impact across the department, and within the broader information security organization.
• Develops strategic and tactical goals, organizes the work, sets short-term priorities, monitors all activities, and ensures timely and accurate completion of the work.
• Guided by policies and departmental plan, impacts the teams ability to achieve service, quality and timeliness of objectives.
• Applies understanding of the business and how own area integrates with others to achieve departmental objectives.
• Guides and influences others either internally or externally to adopt a different point of view.
• Develop, socialize, maintain, and interpret complex data security governance elements (e.g., policy, standard, TOM, business processes, business continuity, and disaster recovery plans) that define data security requirements.
• Having strong expertise in Database Activity Monitoring (DAM) and secondary encryption.
• Develop, implement, and execute governance and monitoring processes and controls as required per internal/external standards and regulations (e.g.: FFIEC, GDPR, etc).
• Responsible for execution of Data Protection Risk & Controls Self Assessments (RCSA), as well as development and ongoing maintenance and enhancement of Data Protections Process Risk & Controls Inventories (PRCI).
• Responsible for providing oversight for Data Protection controls design, development, execution and testing.
• Responsible for monitoring KRI/KPI and conducting escalation activities for non-compliance to data protection policies, standards, processes, and procedures to various levels of leadership.
• Contributes to the optimization, execution, and maintenance of a data security program elements, especially those involving business processes, repeatable methods, automation, controls efficacy, and measurements needed for a viable risk-based data security program (e.g.: KRI/KPI metrics).
• Works with information security management frameworks (i.e., ISO 2700X, NIST CSF, SANS Top 20 Critical Security Controls, etc.).
• Responds both verbally, and in writing, to complex inquiries and new periodic exams from both internal partners (e.g., legal, compliance, audit, risk) and external partners (e.g., regulators, external auditors, third-parties). This also includes prior experience in optimization and execution methods to improve future responses to such inquiries, as well as prior experience providing peer-review of such responses.
• Responsible for the management and tracking of internal and external issues or areas of concerns related to the Data Protection program (e.g.: audit responses, etc).
• Responsible for managing the content on the Enterprise-wide knowledge and collaboration workspace specifically for the Data Protection program.
• Provides input and support to Data Protections programme strategy and budget management process.
• Conducts performance management and career development processes, provides input for staffing and disciplinary actions and provides hands-on training to staff
• Displays a balanced, cross-functional perspective, liaising with the business to improve efficiency, effectiveness and productivity

Minimum:

Bachelors degree or equivalent experience

Experience managing one or more teams; adapts department plans and priorities to meet short-term service and/or operational objectives

Technical experience in managing Database Activity Monitoring (DAM) and secondary encryption functions.

Experience in managing global teams, ensuring timely delivery of highquality technical outcomes.

Expert experience in design, execution and testing of information security internal controls

Experience with end-to-end strategic program roadmap development

Strong analytical and problem-solving skills

Expert experience with report visualization (Excel, PowerPoint, Tableau, Power BI, etc.)

Excellent communication skills

Strong organizational and facilitation skills

Ability to work autonomously, under pressure, and to prioritize tasks

Preferred:

CISSP, CISM, or other information security certifications

Experience with computer languages (SQL Query, Python, etc.)

Vast working knowledge of Business Process Management

Experience with KRI/KPI and dashboard reporting development and socialization