Data Protection Director

Job Summary

The Data Protection Director will spearhead the organization's data protection strategy, leveraging Microsoft 365 Data Loss Prevention (DLP) and Microsoft Purview tools to ensure the confidentiality, integrity, and availability of sensitive information. This role will involve the development and implementation of robust data protection policies, procedures, and technologies to mitigate risks associated with data breaches and regulatory non-compliance. Reporting directly to the Chief Information Security Officer (CISO), the Data Protection Director will collaborate with various teams to enhance data governance, privacy initiatives, and ensure compliance with relevant regulations.

Responsibilities

Key Accountabilities

Data Protection Strategy Development

• Lead the development and execution of the organization's data protection strategy, specifically through the utilization of 0365 DLP and Purview tools.
• Establish data classification and handling protocols aligned with business goals and compliance requirements.
  
  

Policy And Compliance Management

• Develop, review, and enforce data protection policies, standards, and procedures to ensure compliance with applicable laws and regulations (e.g., GDPR, HIPAA).
• Conduct regular audits and assessments to measure the effectiveness of data protection controls and compliance with established policies.
  
  

Incident Response And Management

• Collaborate with the Incident Response team to ensure effective response and recovery strategies for data breaches or incidents involving sensitive data.
• Oversee root cause analysis and reporting for data-related incidents, ensuring lessons learned are integrated into future preventive measures.
  
  

Training And Awareness

• Design and implement data protection training programs for employees to promote awareness of data handling practices and the importance of data protection.
• Serve as a subject matter expert in data protection, guiding stakeholders on best practices.
  
  

Stakeholder Engagement And Communication

• Build strong relationships with key stakeholders, including IT, legal, compliance, and business units, to foster a culture of data protection throughout the organization.
• Provide regular updates to executive leadership on data protection initiatives, compliance status, and risk assessments.
  
  

Technology And Tool Management

• Oversee the deployment and management of 0365 DLP and Purview tools, ensuring they are effectively configured and utilized to monitor and protect sensitive data.
• Evaluate and recommend additional data protection technologies and tools to enhance the organization's data security posture.
  
  

Networking/Key relationships

To be determined based on all cybersecurity program needs, to include interactions with:

• All Corporate functions.
• Communication with product development, operations, or manufacturing disciplines.
• Coordination/ communication with executive management teams.
  
  

Qualifications

Minimum Knowledge & Experience required for the position:

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (Master's degree preferred).
• 8 years of experience in data protection, cybersecurity, or information governance, with a focus on Microsoft 365 tools.
• Proven experience in developing and implementing data governance frameworks and compliance programs.
  
  

Skills & Capabilities

• Strong understanding of data protection regulations and best practices.
• Excellent leadership, communication, and interpersonal skills, with the ability to engage both technical teams and executive leadership.
• Strong analytical and problem-solving skills, with a proactive approach to identifying and mitigating data protection risks.
• Experience with security frameworks (e.g., NIST, ISO 27001) and data protection technologies
  
  

Travel Requirements

Less than 25% of the time.