Job title: Sr. Engineer – Data Loss Prevention
Fidelity National Financial, Inc. (NYSE: FNF) is a leading provider of title insurance and transaction services to the real estate and mortgage industries. FNF is the nation's largest title insurance company through its title insurance underwriters - Fidelity National Title, Chicago Title, Commonwealth Land Title, Alamo Title and National Title of New York - that collectively issue more title insurance policies than any other title company in the United States. More information about FNF can be found at fnf.com.
FNF is seeking a Sr Engineer of Data Loss Prevention (DLP) to join the Information Security Office (ISO) in either the Jacksonville, FL office or REMOTE. This position will report to the Director of DLP & Insider Threat Engineering. The Sr. Engineer will support FNF’s DLP toolsets, Insider Threat Management, DLP Investigation, Secure Data Transmission, and Cloud Data Protection initiatives. An ideal candidate must be fluent in DLP technologies and methodologies, root cause analysis and risk management, security best practices standards, and audit and regulatory frameworks.
- Develop, deploy, and manage target state DLP technologies, integrations, and policies.
- Manage full lifecycle of design and support evolution of engineering, system administration and daily operations of DLP technologies and services with a focus on continuous service improvement.
- Manage and mature DLP program-related controls, documentation, testing and alignment with risk management framework.
- Assess business requirements of the various lines of business and align solutions to balance enablement of the business with appropriate security controls.
- Collaborate with other security groups to ensure alignment of strategies and ensure control coverage.
- Support creation and documentation of business process aspects of the DLP initiative including process and procedure manuals, training, employee communication, workshops, business unit orientation and on-boarding, and team meetings.
- Work with DLP Response team to deliver measurable metrics reporting, Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) that will be used for reporting to stakeholders and board of directors and continuous improvements for the program.
- Work with various Audit, Compliance and Assessment teams and programs to identify, assess and mitigate operational risks, evaluating the adequacy and effectiveness of the platform, standards, procedures, processes, and internal controls.
- Support adherence to applicable Security Controls, Policies, and Standards; partner with business owners and technology groups to synchronize plans to remediate gaps.
- Participate in afterhours activities, as necessary, such as an on-call rotation and critical incident investigations.
- BS/MS in Computer Science or Business with emphasis in IT or equivalent is optional, but highly desired.
- Relevant cyber security certifications, such as CISSP, CISM, are optional, but highly desired.
- 6+ years of Cybersecurity, Security Engineering and/or Governance Risk and Compliance related experiences.
- Experience with Enterprise DLP, UBA, UEBA, CASB, DAG, DAM, software solutions, design, and implementation.
- Familiarity with Forcepoint, McAfee DLP, Microsoft Defender for Applications (Formally MCAS), MIP, Proofpoint, and/or Varonis.
- Experience building and maintaining custom DLP detection and prevention policies.
- Experience successfully working within a globally distributed/remote organization of team members and key program stakeholders.
- Experience gathering, developing, and documenting business/technical requirements.
- Experience developing and maintaining a DLP development/test lab environment.
- Familiarity with regulatory standards such as PCI, NYDFS, GDPR and/or CCPA.
- Experience taking requirements and translating them to technology through evaluation and implementation.
- Experience analyzing and quickly identifying important DLP events to investigate/remediate.
- Experience writing, reviewing, and maintaining technical program documentation
- Experience mentoring and training peers and junior level resources.
- Experience interfacing with Sr. leadership to present both situation reports and business proposals for strategic change/improvements.
Nice to Have
- Experience with SOAR technologies.
- Experience with ServiceNow Security Incident Management.
- Experience writing and maintaining scripts.
- Team player with strong analytical skills
- Inquisitive mindset, ability to adapt and learn within a complex, dynamic environment and evolving threat landscape
- Coach-able and willingness to learn and grow in the organization
- Salary: $120000 - $150000
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Full Telecommute