Job Summary :

We are seeking a highly skilled and experienced Data Protection Specialist to be responsible for the end-to-end strategy, design, implementation, and maintenance of our enterprise data protection framework. This role requires deep technical expertise in technologies like DLP, encryption, and tokenization, coupled with a strong understanding of global data privacy regulations (e.g., GDPR, CCPA). The Specialist will ensure data integrity, confidentiality, and compliance across all systems and applications.

Key Responsibilities and Technical Focus :

Design and Implementation :

- Design, deploy, and maintain data protection solutions, including Data Loss Prevention (DLP) systems, encryption technologies (at rest and in transit), and data masking/tokenization solutions.

Policy and Governance :

- Develop, refine, and enforce data protection policies, standards, and procedures in close collaboration with legal and compliance teams to ensure legal and regulatory alignment.

System Administration :

- Manage and optimize critical data protection infrastructure, including Key Management Systems (KMS), Hardware Security Modules (HSMs), and cloud-native protection services.

Incident Response :

- Participate in security incident response activities related to data breaches or data exfiltration events.

- Conduct root cause analysis and implement effective corrective actions to prevent recurrence.

Compliance & Auditing :

- Ensure all data processing activities comply with global and regional data privacy regulations (e.g., GDPR, CCPA).

- Prepare detailed documentation and evidence necessary for internal and external audits.

Security Architecture :

- Provide security expertise to development (Dev) and operations (Ops) teams on integrating robust data protection controls into new and existing applications and infrastructure.

Vulnerability Management :

- Identify data-related security vulnerabilities (continuation of the point from the original text).

Required Qualifications & Skills :

Experience : Minimum 5-8 years of experience in Information Security, specifically focused on Data Protection.

Core Technologies : Hands-on expertise in implementing and managing DLP tools, various encryption methods (symmetric/asymmetric, TDE), and data masking/tokenization solutions.

Infrastructure : Proven experience administering and optimizing KMS and HSMs.

Compliance : Strong working knowledge of major global data privacy regulations (e.g., GDPR, CCPA).

Incident Handling : Experience participating in and leading incident response and remediation efforts related to data security.

Communication : Excellent collaboration skills for working with legal, compliance, and development teams.

Preferred Skills :

- Relevant certifications such as CISSP, CISM, CIPP/E, or CIPT.

- Experience with cloud-native data protection services (e.g., AWS KMS, Azure Key Vault, Google Cloud KMS).

- Scripting skills (e.g., Python, PowerShell) for automating security tasks and data reporting.