Senior Information Systems Security Analyst - Information Security Data Protection
Aegon · United States · 4 days ago
RemoteRemoteInformation Technology$92k–$114k/yrFull-time
About the role
GTS-security within Aegon's Global Technology Services delivers information security programs across all business units. This role focuses on information/data protection across Data Protection (DP) and Data Loss Prevention (DLP) domains.
Responsibilities
- The delivery, management, maintenance and tuning of information security data protection technologies (with focus on DP and DLP platforms such as BigID and Forcepoint)
- Administer and support data discovery, classification, and remediation capabilities across enterprise DP and DLP tooling
- Maintain oversight of information security data protection support functions including policies, operational issues, training, budget and metrics
- Manage relationships with information security data protection partners (internal Aegon, and external vendors) and provide input into tooling strategy/solutions (e.g., DP and DLP technology)
- Define and maintain oversight of the information security components of a global cohesive data protection strategy
- Maintain alignment with other global programs and stakeholders including general data governance and privacy
- Drive information security data protection improvements and work towards consistent globally agreed capabilities
- Identify and implement opportunities to automate data security processes using scripting (preferably Python), APIs, and available enterprise tools
- Support the development and enhancement of automated workflows for activities such as data scanning, reporting, onboarding, and remediation
- May extend responsibilities into other information security domains such as:
- Complete research, development and implementation of straightforward information security initiatives, including review of policy, program, process, procedural and technology improvements and solutions to ensure they are current and meet business needs
- Provide input, creates awareness and training materials and leads certain activities, such as hardcopy and online learning content, presentations, pamphlets, electronic communications (e.g., internal blogs)
- Perform certain procedural tasks found within control self-assessments and security exception/waiver processes, such as assessing controls and compliance with standards, assisting in management of exception reviews and recommending action plans
- Perform certain procedural tasks found within third-party assessments, such as reviewing due-diligence artifacts, supervising tasks, reviewing results and recommending outcomes
- Perform procedural tasks found within other security processes, such as information management, classification and protection
- Able to help employees and contractors understand their role in safeguarding information, technology and services
- Assist and show where policies, processes and procedures can be found and explain why they should be followed
- Tracks current and impeding laws, regulations and industry requirements and best practices, such as data protection, data privacy, cyber security and information security
- Is able to translate requirements into practical solutions
- Gathers data, analyzes and drafts reports, including department, project, key indicators and dashboards
- Assists with requirements and improvement plans
Qualifications
- Subject matter experts in one or more technologies and their interaction with applications
- Breadth of knowledge across technology disciplines
- Ability to convert complex information into simple, explainable solutions
- Understanding of current and future business needs met by infrastructure platforms
- Results-driven with a bias towards practical applications
- Possesses a planning orientation with integrative thinking skills
- Ability to quickly learn and apply new concepts
- Ability to drive and achieve consensus/support from diverse groups
- Written and verbal communication skills enabling effective articulation of technology solutions and process and procedures to a technical and non-technical audience
- Demonstrated project management (planning & reporting) and client relationship skills
- Ability to lead teams on small to medium projects is required
Preferred Qualifications
- Four-year Computer Science or related degree, or equivalent work experience
- Three or more years of related work experience (i.e. DP and DLP solutions)
- Certifications in relevant technologies, methods, or platforms are a plus
- Experience with automation and scripting (preferably Python) and integrating security tooling via APIs
- Experience using development tools such as Visual Studio Code and GitHub
- Experience working in an Agile environment utilizing Scrum and/or Kanban methodologies, along with Jira and Confluence
- Demonstrate the key critical behaviors of commitment to task, communication, customer focus, decision making / problem solving, flexibility, tolerance of ambiguity, planning, prioritizing, and goal setting
- Front Office: Very good knowledge of Big ID GUI functions and setup details, understanding of data source using correlation set, Very good understanding of data field types within correlation set, Very good knowledge of DSAR Application, Very good understanding Big ID policy setup, Very good understanding of policy impact within Big ID Apps vs Core, Knowledge of setup details for policies (triggers, thresholds, connections to relevant Apps, etc.), May requires RegEx experience, Ability to translate BU requests into policy setup requirements
- Back Office: Very good knowledge of classifier setup within Big ID, Good knowledge of Big ID GUI functions, Ability to translate BU requirements into RegEx, Extensive RegEx experience- may require data scientist