Develops and maintains data security solution and technology roadmaps for structured and unstructured data discovery, classification, protection and data rights management on premise and in the Cloud. Develops the enterprise security solutions that deliver Secure Data Analytics, collecting and analyzing business and event data to drive security value and enabling the utilization of data as a business asset. Develops information security policies and procedures. Evaluates and recommends hardware and software to provide the appropriate level of protection for data, software and hardware. Manages the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems. Analyzes business needs and establishes priorities for protection of critical systems and operational policies. Establishes and implements appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers.
Key Qualifications, Experience and Knowledge
- Bachelor’s Degree with Master’s preferred in Computer Science, Computer Engineering, or related discipline, or equivalent.
- A minimum of 10 years of experience in Information Technology, a minimum of 5 years in information security and a minimum of 3 years in data security, preferably with recent data and Cloud technology experience.
- Security Architecture: designing and implementing data security solutions involving data encryption and tokenization.
- Data discovery and classification: asset and data discovery, classification, right management and labeling technologies.
- Data Protection: assessing or building programs related to data encryption (FPE), tokenization, masking, and key management.
- Data encryption and key management solutions within Cloud environments (e.g., AWS, Azure, GCP).
- Data Security Vendor Selection and Management: hands-on evaluation of vendors, product capabilities, and solutions focusing on Data Encryption, Data Loss Prevention, Data Rights Management, Data Classification, and Data Privacy.
- Expert level knowledge of data security concepts and relevant future technology trends.
- Expert knowledge of traditional and modern Cloud data solutions, including Cloud Access Security Brokers (CASB), DLP using Microsoft Security Solutions (Defender, Purview, MDCA)
- Strong knowledge of privacy/data standards and regulations across local, domestic, and global jurisdictions (e.g., ISO, GAPP, NIST 800 53, HIPPA, HiTrust, Privacy by Design, ITPA, PCI, SOX etc).
- Ability to interface with senior leaders across the enterprise to collaborate on, contribute to and influence concepts, architectures, plans,