Job Title: IT Security Specialist III (Lead Cybersecurity Analyst– Data Protection)

Duration: 12 months contract with high possibility of extension

Location: Camden, NJ 08103 (Hybrid or Remote)

JOB DESCRIPTION:

General Summary:

The Lead Cybersecurity Analyst– Data Protection will be a vital part of a cross-functional team. This role will focus on supporting improvements in the maturity of the overall cybersecurity program through the development and enhancement of the enterprise Data Protection program. The successful candidate will have the desire and ability to work with business stakeholders in Research & Development, Legal, Marketing, and Supply Chain to understand Client's business processes and the underlying data that supports them. This individual will deliver high-quality data protection and information security initiatives and must possess the ability to communicate effectively with an executive audience.

Primary Responsibilities - The key responsibilities of the role are as follows:

Data Classification and Inventory:

• Develop and maintain a comprehensive inventory of organizational data assets, including their classification levels, sensitivity, and associated risks using our data security platform.
• Implement data classification frameworks and methodologies to categorize data according to its level of sensitivity, criticality, and regulatory requirements.
• Collaborate with business units and data owners to identify and document data flows, usage patterns, and access controls for classified data.

Risk Assessment and Analysis:

• Conduct thorough risk assessments of classified data assets to identify potential vulnerabilities, threats, and compliance gaps.
• Analyze and evaluate the effectiveness of existing controls and security measures in mitigating data-related risks.
• Develop risk treatment plans and mitigation strategies to address identified vulnerabilities and improve the overall security posture of data assets.
• Compliance and Regulatory Alignment:
• Ensure compliance with relevant data protection regulations, such as GDPR, CCPA, etc., by assessing data handling practices against regulatory requirements.
• Monitor changes in data protection laws and regulations to ensure ongoing compliance and adapt data classification policies and procedures.
• Provide guidance and support to business units on regulatory requirements and industry best practices related to data classification and risk management.

Data Protection Controls:

• Recommend and implement technical controls, encryption mechanisms, access controls, and data safeguards to protect classified data from unauthorized access, disclosure, or misuse.
• Conduct periodic assessments of data protection controls and security measures to validate their effectiveness and identify areas for improvement.
• Collaborate with IT and Security teams to integrate data protection controls into technology systems and infrastructure.
• Reporting and Communication:
• Prepare and present comprehensive risk assessment reports, findings, and recommendations to senior management.
• Communicate effectively with business units and data owners to raise awareness of data classification requirements, risks, and responsibilities.
• Collaborate with internal audit teams and external auditors to facilitate data classification reviews and compliance assessments.

Job Complexity

This position requires the ability to:

• Work on multiple IT Risk Management projects frequently as the subject matter expert
• Work on projects/issues of medium to high complexity that require demonstrated knowledge across multiple technical areas and business segments.
• Manage multiple concurrent project and task assignments, placing proper priorities on tasks and attention to detail in order to follow through on all assignments to completion.
• Document and explain information security concepts to both business leaders and technical stakeholders
• Ensure agreement on risk across multiple levels of the business up to and including Senior Leadership
• Work with business process owners to identify risk concerns, then assesses those concerns within internal and external services by interfacing with internal process leads and third-party service providers

Job Specifications (knowledge, skills and abilities normally required for competent performance in the job)

Minimum education required: Bachelor’s degree

Education desired: Bachelor’s degree with Emphasis on Information Security, Management Information Systems, or Business Intelligence

Minimum experience required: 5 years of relevant experience

Knowledge, skills and abilities required:

• Relevant certifications such as CISSP, CISM, CRISC, or equivalent is highly desirable.
• Project management, time management, and prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
• Familiarity with cybersecurity management frameworks including NIST, IS27001, COBIT 5
• Demonstrated ability to digest complex concepts quickly and a strong desire to gain knowledge of networks, desktops, servers, cloud and software as a service technology
• Ability to identify and evaluate risk in accordance with the company and business unit’s overall risk tolerance
• Strong understanding of data classification methodologies, risk assessment frameworks, and regulatory requirements.
• Experience with data protection technologies, such as encryption, access controls, and data loss prevention (DLP) solutions.
• Familiarity with relevant data protection regulations, such as GDPR, CCPA, etc.
• Excellent analytical and problem-solving skills, with the ability to effectively identify and prioritize data-related risks.
• An ability to effectively present findings, and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization
• An ability to communicate risks to employees outside Information Security in a way that consistently drives objective decisions about risk in order to optimize the trade-off between risk mitigation and business performance.

Looking forward to hearing from you soon!