Director, Data Protection
About the role
At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Responsibilities
- Data Protection Control Ownership: Design, deployment, and lifecycle management of DTCC’s data protection capabilities, including DLP, classification and labeling, CASB, DSPM, AI proxy controls, and related technical solutions.
- Own and operate DTCC’s data protection control framework across: Email and collaboration platforms, Endpoint and web egress, Cloud and SaaS services, AI and emerging data channels.
- Ensure consistent enforcement of classification, DLP, and encryption intent across all control points.
- Work with Data Protection operations and content engineering to support tuning, and automation to ensure consistent protection across email, endpoints, collaboration tools, web, cloud, SaaS, and data platforms.
- Ensure control design aligns with DTCC’s data-centric, context-driven security principles and minimizes unnecessary business friction.
- Platform Leadership: Provide executive-level technical leadership and direction for Data Protection solutions including (not limited to) Purview, Zscaler, Symantec and other DLP tools.
- Classification, DLP & Encryption Strategy: Drive DTCC’s enterprise classification and labeling strategy, including: Taxonomy governance, SIT / classifier standards, Label inheritance and lifecycle.
- Lead the transition from pattern-only DLP to context-and label-driven enforcement.
- Ensure data protection controls meet regulatory, audit, and risk management expectations for client, regulated, and confidential data.
- Maintain clear, auditable evidence of control effectiveness through metrics, reporting, and documentation.
- Support internal audits, regulatory reviews, and management reporting related to data protection risk and control posture.
- Advisory & Secure-by-Design Enablement: Provide technical data protection advisory to technology and business teams for new initiatives, system changes, cloud migrations, AI use cases, and third-party engagements. Ensure appropriate controls (e.g., encryption, masking, tokenization, access restrictions) are embedded before go-live. Serve as a trusted advisor who enables the business to use data confidently and securely.
Qualifications
- Minimum of 10 years of related experience
- Bachelor's degree preferred and/or equivalent experience
Skills
- Talents Needed For Success: Experience owning enterprise-scale data protection capabilities. Proven success leading multi-platform DLP, classification, and encryption programs. Demonstrated ability to translate regulatory and policy requirements into precise, enforceable technical controls. Experience accountable for outcomes, not just strategy or advisory input. Experience operating in highly regulated environments (financial services strongly preferred).
Benefits
Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well-being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
Pay
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
Schedule
We offer a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).