DLP Information Security Senior Advisor (DLP Subject Matter Expert)
The DLP Information Security Senior Advisor develops, recommends, and implements enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls. Responsible for the selection and delivery of strategic network security, access control and secure transaction/messaging solutions. Primary duties may include, but are not limited to: leading system and network architecture support for DLP related: information and network security technologies; development and execution of risk assessment methodologies to fit business, regulatory, and technical environment considerations; development of requirements, system architecture, and software design of DLP security products and services; leads the development of strategies for discovery, evaluation and response to new networking attacks; develops security incident response plans and strategies.
Provides trouble resolution and serves as point of technical escalation on complex problems. Creates presentations and seeks IT management approval and acceptance of significant replacements or reconfigurations of major security systems serving the Enterprise. Sets vendor strategy and direction. Designs & engineers comprehensive DLP related access management and network security technical solutions based on business requirements and defined technology standards; works with architecture to update technology direction & strategy. Develops reports supporting strategy and direction for management. Capable of leading DLP Solution gap analysis and trade studies, working with vendors to understand and evaluate comparable technologies.
Must be capable of providing top-tier support for 5 or more of the information security technology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Network Security.
BS/BA in related field
8+ years’ experience in fielding DLP solutions in US Federal Government agencies, and security aspects of information systems, computer networking, telecommunications, systems development and management or any combination of education and experience, which would provide an equivalent background
Advanced cybersecurity and DLP knowledge and understanding of industry-accepted data processing controls and concepts as applied to access management and network security technologies, hardware, software, data, network communications, and people
Expertise with Data Loss Prevention, Data Protection, or Insider Threat security programs
Knowledge of Varonis, McAfee DLP, Varonis, EnCase Forensic, HEAT, Ivanti, Cisco Email Security Appliance (ESA) and Netskope – CASB
Cybersecurity/DLP Expert in at least one of the following cyber-protection areas: Endpoint, Cloud, Network, and Storage
Working knowledge of HIPAA Privacy and Security Rule, HITECH Act, Privacy Act, NIST guidelines, FISMA, Federal Acquisition Regulation (FAR) and other laws and regulations pertaining to the protection of sensitive PHI/PII data.
Experience with the following DLP strategy, policy, and solutions
Discover, identify and prioritize confidential data (e.g. High Value Assets – HVA)
Categorize (classify) the data
Understand when data is at risk
Monitor all data movement (including exfiltration)
Communicate and develop controls
Experience building and maturity information security programs
Experience managing and responding to audit and compliance requests
Coordination of vendor support services, issues, and escalation
Experience managing internal governance functions
Excellent verbal communication skills
Knowledge of cloud services (AWS, Azure, others)
CISSP and other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Security Engineering Professional, Certification and Accreditation Professional, or equivalent certifications) preferred
Data Loss Prevention project experience as a in a US government agency preferred