Director, Information Protection Management
- BeOne Medicines (San Mateo, CA)
General Description:
The Director, Information Protection Management is a global strategic leadership role responsible for designing, implementing, and spearheading the strategy and framework that secures the organization’s most critical data assets. In this role, you will build a resilient data security ecosystem spanning data loss prevention (DLP), encryption standards, and data assurance that empowers our workforce to innovate seamlessly and safely. You will move beyond traditional compliance checklists to build a dynamic, data-centric program that adapts to AI adoption, cloud-first collaboration, and a global environment. This role is also a bridge between technology, security, and business velocity, ensuring our data remains our greatest asset.
This role will lead a global team for Data Loss Prevention (DLP) and Insider Risk Management, and participate as a core member of the Data Governance and Information Governance Committees.
Essential Functions of the Job:
Strategy & Governance
+ **Program Leadership:** Define and execute the roadmap for the Information Protection program, aligning security initiatives with business objectives and regulatory requirements (e.g., SOX, GDPR, CSL/MLPS/DSL/PIPL, EO14117)
+ **Policy Development:** Author, collaborate on, and maintain policies regarding data security, data classification, handling, retention, and destruction, ensuring policies are practical and enforceable
+ **Data Governance & Classification:** Participate as a core member to lead the effort to discover, classify, and tag unstructured and structured data across on-premise, cloud, and third-party environments
Data Security
+ **Encryption & Cryptography:** Define and enforce enterprise standards for data encryption (at-rest, in-transit, and in-use) and Key Management (KMS/HSM)
+ **Technical Controls:** Oversee the implementation of advanced data security techniques, including tokenization and data masking controls for sensitive/regulatory environments
+ **Database Security:** Partner with Data Strategy team to implement database activity monitoring (DAM) and ensure robust access controls for structured data repositories (SQL, NoSQL, Data Lakes)
+ **Data Security Posture Management (DSPM):** Lead the deployment of DSPM tools to automatically discover shadow data, identify misconfigurations, and map data lineage across cloud environments
Operational Execution
+ **Data Loss Prevention (DLP):** Oversee the deployment and tuning of DLP technologies (Endpoint, Network, Email, and Cloud/CASB, etc.). Manage the workflow for incident triage and investigation
+ **Insider Risk Management:** Collaborate with HR, Legal, and Compliance to establish an Insider Risk program that identifies and mitigates risks from malicious or negligent internal actors
+ **Cloud Data Security:** Partner with Cloud Architecture teams to ensure information protection standards are applied to IaaS/PaaS/SaaS environments (e.g., AWS S3 buckets, Azure Blob Storage, Microsoft 365, Salesforce, etc.)
Risk Management & Reporting
+ **Metrics & KPIs:** Develop executive-level dashboards that demonstrate the effectiveness of the Information Protection program (e.g., risk reduction metrics, incident response times, coverage ratios)
+ **Audit Support:** Serve as the primary point of contact for internal and external audits regarding data privacy and protection controls
+ **Vendor Risk:** Assist in evaluating the data security posture of third-party vendors and partners
Qualifications:
+ **Experience:** 10+ years of experience in Information Security or Risk Management, with at least 4 years in a leadership role.
+ **Education:** Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field, or equivalent and relevant experience and certifications
+ **Subject Matter Expertise:** Deep understanding of Data Loss Prevention (DLP) tools (e.g. Microsoft Purview, Netskope, structured and unstructured data) and Data Security, Data Governance, and Data Classification methodologies.
+ **Regulatory Knowledge:** Strong familiarity with global privacy laws and frameworks (NIST CSF, ISO 27001, GDPR, CCPA, CSL/MLPS/DSL/PIPL, EO14117)
Supervisory Responsibilities:
+ Yes
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.