What are the responsibilities and job description for the Head of Enterprise Information Protection - Director position at NuWare?
Role Description
We are seeking an experienced professional who will be responsible for the strategic leadership, development, and execution of our information protection program. This senior role requires a deep understanding of cybersecurity, data privacy, and regulatory compliance within the financial services industry. The successful candidate will oversee the design, implementation and management of policies, processes, and technologies to protect the bank’s sensitive information, ensuring compliance with all relevant regulations and industry standards.
The Head of Enterprise Information Protection (EIP) is responsible for safeguarding data from unauthorized access, use, disclosure, disruption, modification, or destruction. The role encompasses data encryption, access control, data loss prevention, and compliance with regulatory requirements, ensuring the confidentiality, integrity, and availability of sensitive information across the enterprise.
Role Objectives
Develop and lead the overall strategy for enterprise information protection, aligning it with business objectives and regulatory requirements.
Design and implement comprehensive information protection policies and procedures, ensuring alignment with regulatory standards (e.g., NYDFS Cybersecurity Regulation, GDPR, CCPA).
Develop and establish an operational function to manage the day-to-day operations of the enterprise information protection program. This includes overseeing the ongoing monitoring, management, and support of security processes, tools, and systems.
Identify, assess, and mitigate risks related to information security and data privacy. Oversee risk assessments and security audits to ensure ongoing compliance and protection.
Manage data leakage prevention solutions and incidents to detect, monitor, and prevent unauthorized access, sharing, or transmission of sensitive information.
Manage and implement advanced security technologies and tools to enhance information protection capabilities.
Oversee the deployment and management of encryption technologies to secure sensitive data at rest, in transit, and in use. Ensure encryption policies are effectively implemented across the organization.
Establish and maintain robust data governance frameworks, ensuring the proper classification, handling, and protection of sensitive information across the organization.
Ensure compliance with all applicable laws and regulations, including those specific to the financial services industry. Liaise with auditors and other stakeholders as needed.
Work closely with other departments, including Data Governance, Data Privacy, IT, legal, compliance, and risk management, to ensure an aligned approach to information protection.
Lead, mentor, and develop a high-performing team of information protection professionals. Foster a culture of security awareness across the organization.
Qualifications And Skills
Bachelor’s degree in Information Security, Computer Science, or a related field.
10 years of experience in information security, data protection, or a related field, with at least 5 years in a leadership role within a regulated financial institution.
In-depth knowledge of information security standards, best practices, and regulatory requirements, particularly within the financial services sector.
Proven track record of developing and implementing enterprise-wide information protection strategies.
Strong understanding of data privacy laws and regulations, including GDPR, CCPA, and NYDFS Cybersecurity Regulation.
Technical knowledge and hands-on experience with leading security tools such as Varonis (for data security and insider threat protection), Proofpoint DLP/CASB (for email security and data loss prevention), Microsoft Purview, Database Encryption technologies, etc.
Cloud experience with information protection capabilities in Azure or AWS, including encryption, access controls, and cloud-native security tools.
Experience with risk management, incident response, and data governance.
Demonstrated ability to lead and manage a team, with excellent interpersonal and communication skills.
Translates technical concepts into plain language to articulate business risks and suggests appropriate solutions.
Ability to plan, coordinate, and support security, technology and business needs in a fast-paced, rapidly changing environment at a strategic level.
Strong problem solving and analytical skills, with a proactive and results oriented approach to security.
Experience working in a highly regulated environment such as financial services.
Relevant certifications such as CISSP, CISM, CIPP, or equivalent are strongly preferred.
We are seeking an experienced professional who will be responsible for the strategic leadership, development, and execution of our information protection program. This senior role requires a deep understanding of cybersecurity, data privacy, and regulatory compliance within the financial services industry. The successful candidate will oversee the design, implementation and management of policies, processes, and technologies to protect the bank’s sensitive information, ensuring compliance with all relevant regulations and industry standards.
The Head of Enterprise Information Protection (EIP) is responsible for safeguarding data from unauthorized access, use, disclosure, disruption, modification, or destruction. The role encompasses data encryption, access control, data loss prevention, and compliance with regulatory requirements, ensuring the confidentiality, integrity, and availability of sensitive information across the enterprise.
Role Objectives
Develop and lead the overall strategy for enterprise information protection, aligning it with business objectives and regulatory requirements.
Design and implement comprehensive information protection policies and procedures, ensuring alignment with regulatory standards (e.g., NYDFS Cybersecurity Regulation, GDPR, CCPA).
Develop and establish an operational function to manage the day-to-day operations of the enterprise information protection program. This includes overseeing the ongoing monitoring, management, and support of security processes, tools, and systems.
Identify, assess, and mitigate risks related to information security and data privacy. Oversee risk assessments and security audits to ensure ongoing compliance and protection.
Manage data leakage prevention solutions and incidents to detect, monitor, and prevent unauthorized access, sharing, or transmission of sensitive information.
Manage and implement advanced security technologies and tools to enhance information protection capabilities.
Oversee the deployment and management of encryption technologies to secure sensitive data at rest, in transit, and in use. Ensure encryption policies are effectively implemented across the organization.
Establish and maintain robust data governance frameworks, ensuring the proper classification, handling, and protection of sensitive information across the organization.
Ensure compliance with all applicable laws and regulations, including those specific to the financial services industry. Liaise with auditors and other stakeholders as needed.
Work closely with other departments, including Data Governance, Data Privacy, IT, legal, compliance, and risk management, to ensure an aligned approach to information protection.
Lead, mentor, and develop a high-performing team of information protection professionals. Foster a culture of security awareness across the organization.
Qualifications And Skills
Bachelor’s degree in Information Security, Computer Science, or a related field.
10 years of experience in information security, data protection, or a related field, with at least 5 years in a leadership role within a regulated financial institution.
In-depth knowledge of information security standards, best practices, and regulatory requirements, particularly within the financial services sector.
Proven track record of developing and implementing enterprise-wide information protection strategies.
Strong understanding of data privacy laws and regulations, including GDPR, CCPA, and NYDFS Cybersecurity Regulation.
Technical knowledge and hands-on experience with leading security tools such as Varonis (for data security and insider threat protection), Proofpoint DLP/CASB (for email security and data loss prevention), Microsoft Purview, Database Encryption technologies, etc.
Cloud experience with information protection capabilities in Azure or AWS, including encryption, access controls, and cloud-native security tools.
Experience with risk management, incident response, and data governance.
Demonstrated ability to lead and manage a team, with excellent interpersonal and communication skills.
Translates technical concepts into plain language to articulate business risks and suggests appropriate solutions.
Ability to plan, coordinate, and support security, technology and business needs in a fast-paced, rapidly changing environment at a strategic level.
Strong problem solving and analytical skills, with a proactive and results oriented approach to security.
Experience working in a highly regulated environment such as financial services.
Relevant certifications such as CISSP, CISM, CIPP, or equivalent are strongly preferred.
