Cyber Security Analyst II, Data Protection

Responsibilities:

• Provide technical leadership for detection and response workflows by triaging data protection events, validating true positives, conducting root cause analysis, and driving containment and remediation actions with stakeholders.

• Maintain and refine processes and procedures for effective data protection, including incident response plans and data classification schemes.

• Ensure comprehensive documentation of data protection measures, procedures, metrics and training materials is maintained and regularly updated.

• Drive data protection awareness and education programs across the organization to promote a secure data handling culture.

• Collaborate with cross-functional teams to align data protection strategies with organizational goals and regulatory requirements.

• Support the evaluation of emerging data protection technologies and best practices to enhance the organization's security infrastructure.

• Oversee the development and implementation of data governance frameworks to ensure compliance with data protection standards, laws and regulations.

• Support the maintenance of data protection dashboards and reports by defining metrics and data requirements, integrating relevant telemetry to ensure data quality and consistency.

• Conduct regular reviews of data access controls and policies to align with enterprise standards and regulations.

• Facilitate cross-departmental collaboration to ensure data quality and consistency across the organization.

• Support create and standardize data protection processes to prevent, detect, and respond to potential data breaches.

• Develop and maintain training programs and procedures to ensure AES People are knowledgeable in data protection best practices.

• Implement continuous improvement practices to enhance data protection measures and adapt to evolving threats.

• Monitor and support reporting on the effectiveness of data protection strategies to senior management and stakeholders.

• Provide guidance on data protection impact assessments for new projects or technologies.

• Support the response to data protection incidents, ensuring timely reporting and resolution in accordance with SLA's, legal and regulatory obligations.

• Establish and enforce data governance policies to manage enterprise data effectively.

Required Skills:

• Minimum of 4 years of experience working within a security organization, ideally with a focus on process and governance oversight.

• A candidate must possess an analytical mindset to support the continuous optimization of Data Loss Prevention (DLP) and Insider Threat processes and procedures through automation and other optimization techniques.

• Proven experience in leading cyber security initiatives.

• Knowledge of SIEM/SOAR technologies, Microsoft security tools, and enterprise proxy solutions for DLP and insider risk management.

• Understanding of data protection laws and regulations, such as GDPR, CCPA, etc.

• Exceptional communication skills, capable of effectively engaging with both technical and non-technical audiences on data protection issues.

• Knowledge of data lifecycle management, data classification, and data governance principles and practices.

• Strong organizational skills, with the ability to manage and take ownership of multiple priorities in a dynamic environment.

• Candidate must have experience as an analyst on an Insider Threat, Security Operation Center (SOC), or Incident Response (IR) team

Desired Skills:

• Advanced certifications in data protection, privacy, or security domains, such as CIPP/E, CIPT, CIPM, CISM, CISSP, etc.

• Comprehensive knowledge of data protection regulations and frameworks (GDPR, CCPA, NIST, ISO 27001, etc.).

• Ability to coordinate data protection assessments and audits.

• Exceptional analytical and problem-solving abilities.

• Proven track record of successful collaboration with cross-functional teams and executive stakeholders.

• Basic understanding of Operational Technology environments.