Senior Data Privacy and Protection Analyst

Job Description

The Senior Data Privacy and Protection Analyst utilizes business knowledge in combination with technical skills to monitor, detect, identify, analyze, evaluate, report and assist in the response of data privacy and protection related security events. TheData Privacy and Protection (DPP) team operates in partnership with the Cyber Security, Governance and Operations teams to drive a security-first IT organization.This role will work closely with all areas of IT, business units, strategic partners and vendors to ensure proper privacy and protection controls are implemented in an effort to reduce risk to the global firm. This role requires expertise in problem solvingand a solid understanding of common security controls and data privacy.Primary Responsibilities The Senior Data Privacy and Protection Analyst is responsible for daily monitoring and evaluation of data events. The candidate should be passionate about information protection and data usage, including the willingness to learn, adapt and advance. Thisposition will constantly monitor developments in data privacy and protection areas and data security technologies alongside global changes in data privacy laws as well as general information security best practices and new technologies.As part of these processes:

• Assistance with internal monitoring, alerting, incident management and other ‘business as usual’ privacy & protection tasks.
• Operation of Data Security IT controls (for example: Purview, DLP, AIP, MIP and BigId)
• Help create a “single pane of glass” for the oversight of data usage within the firm.
• Production of comprehensive documentation and reporting.
• Assist with data incidents to minimize business impact.
• Maintain a sufficient level of knowledge of the prevalent technical and privacy risks to Barings to assist in the prioritization of response plans and mitigating controls.

The expectations of this position, as stated above, are not all inclusive, but do indicate the major responsibilities of the position. Other responsibilities may be assigned as necessary to support the business environment.Additional Tasks

• Demonstrate a commitment to lifelong learning
• Fulfill additional, relevant, tasks appropriate to the role and business demands
• Assist in product integration and enhance business value where necessary

Skills

• In-depth understanding of European and UK data privacy and data protection regulation, and an awareness of other major privacy frameworks and evolving legislation worldwide..
• Working knowledge of common Security controls (Firewalls, Email Filters, Authentication systems) and how they are used to enforce privacy & protection objectives.
• Event Monitoring and Incident Response.
• Endpoint Detection and Response tools and techniques (i.e. Anti-Malware, Application Whitelisting)
• Understanding of encryption mechanisms (data at rest and transit)
• (Basic) scripting and coding i.e. regex, specifically to be able to writeunderstand data parsing expressions.
• General understanding of Risk Management Frameworks.
• Represent Data Security at appropriate risk oversight committees and boards.
• Contribute to the development, implementation, delivery and support of the IT Security strategy.
• Ability to collect, describe and display technical information in a way to help decision making.
• Strong troubleshooting and problem solving skills.
• Promote a culture of secure by design and left shift security throughout our project development lifecycle and delivery processes.
• Ability to work independently.

Qualifications

• Bachelor’s degree in Information Systems, Computer Science, Information Security, Cybersecurity, Information Assurance (IT related) or equivalent experience.
• Experience of technical and hands on experience in information security – though not necessarily in a corporate environment if such experience is demonstrable.
• Strong problem solving skills and thinking outside the box.
• Strong analytical skills required.
• Excellent verbal and written communication skills and the ability to interact professionally with a diverse group including; executives, managers, IT personnel, and subject matter experts.
• Ability to communicate clearly and effectively within various levels of the organization.

Certifications

• With proven experience in a senior security or IT infrastructure operations role
• Understanding of Data security objectives for large financial service businesses
• Experience in a regulated industry is highly desirable; financial services preferred
• IAPP certifications such as CIPM, CIPP/EU or CIPT certification or an academic equivalent of these certifications