We are currently seeking a Director to spearhead our Data Protection and Governance Program. The Data Protection and Governance Program Director will report to the Chief Information Security Officer within the function of Cyber Risk Team within Enterprise Risk Management organization. Itis a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. Within the Cybersecurity Risk team, you will be conducting meaningful work and making a difference in the lives of customers and team members by promoting a cybersecurity culture, optimizing cybersecurity capabilities, protecting data, and developing cyber resilient programs.

Technical Job Responsibilities

• Develop, implement and communicate a comprehensive enterprise-wide Data Protection & Governance program that aligns with  our values and culture, is applicable to current business, and scalable to account for business growth and changes to regulatory requirements across both on prem and cloud environments.

• Drive collaboration among diverse teams to develop and implement data protection controls appropriate to the business processes.

• Manage teams developing and implementing data inventory, protection, and other governance solutions and capabilities that are clearly aligned to the business, technology and threat drivers.

• Lead evaluation of new solutions and services, providing a business case and recommendations on new Data Protection solutions and technologies.

• Facilitate the identification, classification, and assignment of roles and responsibilities for data management to include Data Owners and Data Stewards across all business divisions, and data engineering and operation roles across the organization.

• Manage the processes and implementation of the full data lifecycle to include data inventory, classification, protection, retention, and destruction requirements enterprise wide.

• Collaborate with various stakeholders, including cybersecurity engineering, business product and data teams providing advice on new projects and product features, and implementation of proposed solutions and best practices.

• Stay abreast of changing regulatory landscape and ensure compliance with applicable regulations related to data protection.

Required Experience

• 5-7years of experience managing projects related to the defining and assessing of Data Protection strategy, architecture and practices, and technology implementation.

• Experience leading technology, cybersecurity, privacy, data protection, and/or IT compliance teams

• Understanding of the components of comprehensive Data Protection & Governance program, including governance, policy, organizational design, communications and training, architecture, technologies, processes, and controls

• Understanding of Data Protection technology capabilities such as data discovery, CASB, Microsoft AIP, information rights management, and data loss prevention

• Outstanding interpersonal skills to effectively build relations and interact with stakeholders all levels within the organization with proven success in building and developing strong relationships with business stakeholders.

• Ability to lead small and large cross-functional teams effectively, managing multiple projects at a time.

• Practical experience implementing data protection and governance programs and policies.

• .Practical experience documenting data inventories and data protection control activities Master communicator and active listener who understands how to navigate an audience.

• Ability to manage and prioritize multiple projects and resources with a sense of urgency.

• Familiarity with implementing technical controls required to meet privacy and data protection requirements.

Desired Experience

• Practical knowledge of privacy regulations as it applies to data protection requirements 

• Experience and familiarity with cloud data security and working with public cloud solutions (AWS, Azure)

• Ability to see correlations between data, risks, and initiatives that others may not.

• Adaptable and comfortable with ambiguity, yet eager to understand the root cause of a challenge and drive a solution.