Data Security Operations Lead
Black & Veatch · Cary, NC · 1 wk ago
ManagementFull-time
About the role
The Data Security Operations Lead will oversee the organization's data security initiatives, driving the development, implementation, and management of a comprehensive data security program.
Responsibilities
- Oversee the continuous identification and mapping of all data assets across diverse environments, including cloud (IaaS, PaaS, SaaS), databases, and on-premises systems.
- Utilize available tools to discover data stores and maintain a real-time inventory of sensitive data, ensuring no blind spots in the data landscape.
- Collaborate with IT and business units to understand data flows and ensure comprehensive visibility into where critical data resides.
- Maintain and support a robust Data Security Posture Management (DSPM) framework to continuously assess and improve the organization’s data security posture.
- Identify and prioritize risks, such as misconfigurations, excessive permissions, or plaintext data storage, and provide actionable remediation recommendations.
- Monitor data stores for vulnerabilities and ensure proactive measures to reduce the attack surface across all environments.
- Develop and enforce Data Loss Prevention (DLP) policies to prevent unauthorized access, exfiltration, or misuse of sensitive data.
- Implement and manage real-time monitoring and controls to detect and block sensitive data from leaving secure environments and minimize false positives.
- Identify compromised instances, insider risk, or misconfigurations, providing context-rich insights for rapid incident response.
- Lead the development of a proactive Data Detection & Response (DDR) strategy to detect and respond to data security incidents in real-time.
- Coordinate with incident response teams to mitigate risk and ensure operational resilience.
- Ensure the data security program aligns with industry regulations (e.g.: GDPR, CCPA, GLBA) and internal privacy policies.
- Provide actionable insights to stakeholders to maintain regulatory compliance without disrupting business operations.
- Implement controls to ensure sensitive data is only accessible to authorized AI systems, reducing risk associated with AI-driven data sprawl.
- Align data security initiatives with business objectives through coordination and cooperation.
- Communicate effectively with leadership, providing clear, data-driven insights into the organization's security posture and improvement strategies.
- Foster a culture of continuous learning, ensuring the program adapts to evolving risks and technological advancements.
Requirements
- Bachelor’s degree in computer science, Cybersecurity, Information systems or related field or equivalent experience.
- 10+ years in Cybersecurity with at least 3 years in a leadership role focused on data security or DSPM.
- Proven experience in designing and implementing data security programs.
- Hands-on experience with data discovery, classification, DLP, and access governance tools.
Qualifications
- Minimum qualifications: Bachelor’s degree in computer science, Cybersecurity, Information systems or related field or equivalent experience.
- Preferred qualifications: Certifications such as CISSP, CISM, CISA, CRISC, CIPP or similar privacy certifications.
- Experience: 7+ years in Cybersecurity with at least 3 years in a leadership role focused on data security or DSPM.
- Skills: Experience in modern data security frameworks, strong communication skills, ability to translate technical risks into business impacts, excellent project management, time management, and organizational skills.
Skills
- Experience in modern data security frameworks, including DSPM, DLP, and DDR.
- Strong ability to improvise to solve complex problems.
- Strong communication skills with both technical and executive audiences.
- Ability to translate technical risks into business impacts for executive stakeholders.