AVP/VP - Data Protection - IT

AVP/VP - Data Protection -

Job Summary :

- We are continuing to expand our team and are looking for a Data Security & Protection Domain lead to join our team of dedicated security professional, whose job it is to providing our customers and partners with security value and outcomes.

Primary Responsibilities :

Policies and Processes :

- Participate in the development and maintenance of procedures and policies governing data protection and security

- Serve as primary contact for Data Protection Program and associated processes.

- Implement and manage data/information classification standards and the data retention program.

- Work with management in the development and enhancement of processes toensure compliance with applicable information security and information management requirements

- Lead working teams to design and implement changes to business policies, procedures and training programs as appropriate.

Assessments and Protections :

- Build a Data protection service domain

- Develop and implement a service with required services in consultation with security engineering for protecting security and integrity of coporate data assets

- Work closely with the BISO organization to engage the SCB business units and functions to understand current business arhitecture, anticipate their future strategies and provide guidance as needed

- Conduct data security assessments regarding cloud computing, mobile devices, new product or services and general initiatives

- Audit existing third party relationships and make recommendations for strengthening contracts where necessary to include provisions for data privacy and security.

- Provide informed decisions to management concerning the potential risks to the business.

- Work with business in tanded with BISO team, security engineering team and other stakeholders to mitigate risk

- Update and test data breach response plans.

- Provide a consultative approach to remediate the audit data audit findings for each business unit by suggesting ways to reduce risk

including people, process and technology solutions as appropriate.

- Provide support and advice to help ensure privacy compliance for data collection efforts in areas such as due diligence, eDiscovery, audits and investigations.

- Researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues

Laws, Regulations, and Trends :

- Understand ensure compliance with policies, procedures, and regulations (i.e. PCI DSS, PII, SoX, EU DP)

- Maintain awareness and follow trends in the law and track new laws and regulations and advice accordingly

- Develop working relationships with Legal and Privacy teams and assist where needed in drafting, maintaining and updating employee privacy notices, data transfer and data processing agreements, and other privacy declarations

Other Duties :

- Assist with ongoing activities associated with audit and compliance work

Required Skills and Experience :

- Minimum of 10-12 years of relevant work experience.

- Determines security requirements by evaluating business strategies and requirements

- Experience implementing data loss prevention (DLP), Data Masking/Hiding/Scrubbing, classification tools and processes

- Create and support security awareness programs to inform and educate employees

- Develop, implement and mature information security services that cover the Data Lifecycle at SCB

- Act as the lead technical expert on Data Security for initiatives within SCB

- Knowledge of information management and/or information governance processes and/or privacy processes and technologies.

- Direct experience working in an information governance and/or privacy environment.

- Experience working with professionals in managing electronic information, privacy, information security, eDiscovery and records management.

- Demonstrated experience providing direction toward the determination of policy and strategy.

- Highly motivated and able to energize and support a team to deliver

- Confident, clear and organized thinker able to plan and implement delivery of services

- Desire to deliver pragmatic outcomes that benefit the business.

- Adaptability

- Ability to work independently with minimal supervision

- A good listener, able to distill essentials from conversation and to challenge appropriately.

- Able to explain and communicate complex technical issues in a way that non-specialists can understand.

- Handling data leakage security incidents and event management (SIEM) working with Incident Mgmt teams

Desired Skills and Experience

- Possess widely recognized professional certifications such as CISA, CISSP, CISM, CCSP, CIPP, CEH.

Education :

- Bachelor's degree relating to information security or information management.