Data Protection Manager

Under the direction of the CISO, the Data Protection Manager will be focused on all aspects of research, planning, design, implementation, governance, analytics, automation, and partner relationship management related to ensuring effective and compliant Protection of Enterprise Data as well as effective regular assessment of justified and appropriate access to Data across the Clayco organization.

This role will contribute to existing and evolving Business Relationship Management and Data Architecture functions to ensure cohesive inventory, management, classification, protection, recoverability, and retention of Enterprise Data to enable its intended value, establish its justification, ensure appropriate access, and assess its relative compliance across the Clayco organization. In collaboration with the Data Analytics & Engineering team, this role will also contribute to the establishment of a formal Master Data Management discipline as well as maintain, periodically review for revision recommendations, and coordinate publishing and communication of Clayco’s Enterprise Data Classification & Protection Policy.As such, this role requires working across multiple work streams and communicating effectively with Senior Technology Leaders and Business Partners which span across multiple lines of Business within Clayco.

The Data Protection Manager will also work with Project Management throughout the Project Delivery life-cycle to evaluate designs and configurations of Solutions enabling the discovery, classification, and protection of Data as well as Controls supporting role-based, least-privilege access and compliant storage, handling, and transfer of Clayco Data.

The ultimate goal of this position is establishing and maintaining an inventory of Data repositories, discovery and classification of Data stored within inventoried repositories, and insights into provisioned access and access events for all discovered Data to ensure that all activity is scrutinized against appropriate threat models, least-privilege principles, and regulatory and contractual obligations. This includes understanding and documentation of Dataflows to identify potential exposures of Data during processing, especially when Artificial Intelligence (AI) tools are utilized. Oversight, administration, and life-cycle management of the tools delivering these capabilities as well as their ongoing effectiveness assessments and evaluation against alternatives will also be part of the Data Protection Manager role.

• Analyzes process and control gaps relative to achieving regulation-driven or business-defined requirements and expectations
• Contributes to the ongoing development and maintenance of a Data Classification & Protection Policy, Data Labeling taxonomy and deployment strategy as well as produces Training materials to educate the contributing Data Users on their responsibilities
• Contributes to the development of processes to identify and mitigate privacy and Data exposure Risks associated with artificial intelligence, ensuring compliance with applicable regulations and supporting ethical use of AI in medical devices and cloud-based services.
• Contribute to the design and implementation of Data Loss Prevention (DLP) and Information Protection solutions across the scope of Clayco’s Data landscape
• Builds and maintains relationships with and collaborates cross-functionally with other Information Technology teams and Business Stakeholders across the Organization as well as strategic 3rd Party Partners
• Contributes to the development of road maps for material gap remediation to achieve and sustain Business-defined expectations
• Tracks, Monitors, and Reports on implementation of gap remediation efforts
• Identifies and communicates changes in Business context, Regulatory Climate, and/or Threat Landscape that may indicate a need for change in Business Processes, policies, procedures, internal controls, or training
• Contributes to major organizational initiatives as necessary to ensure new solutions align with existing policies and compliance requirements
• Provides leadership with comprehensive reports of progress and challenges, as requested
• Configure, tune, and optimize DLP policies and rules across multiple platforms with a bias towards optimizing signal-to-noise ratios and minimizing false positives while partnering with the Security Operations Center (SOC) team to operationalize monitoring, alerting and response actions to DLP events
• Contribute to ongoing Security Awareness Program to ensures all appropriate Employees have the knowledge and tools to comply with Clayco’s Data Privacy and protection standards

• 3-5+ years of experience working in Information Security roles directly involving Data Protection and Privacy Assurance
• Functional knowledge and experience with utilizing Data Security Posture Management (DSPM) platforms to discover and classify Data, determine provisioned access, detect and alert on suspicious/ noncompliant access activity, and execute automated remediation when appropriate
• Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) Certifications [actively certified, or obtained within 6 months of assuming role]
• Excellent oral and written communication skills including the ability to document functional requirements, test and validation criteria, develop communication plans, report on performance and compliance, and other relevant Operational communications to both technical and non-technical stakeholders
• Strong project management abilities, with a track record of delivering complex Data Protection projects on time and within budget
• Functional knowledge of both Cloud and Client/Server infrastructures and their components related to Data storage, processing, transformation, transfer, exposure, etc. and the applicable controls necessary to ensure proper protection throughout its life-cycle
• Bachelor's degree in Information Security or related field, or equivalent experience
• Strong experience leveraging analysis principles and methodologies to evaluate policies, processes, systems, and Data structures to identify relationships, business risks, compliance with Regulations, Frameworks, & Standards, and any applicable control gaps
• Functional knowledge of how to map business processes, map Data components to business processes, map Dataflows to identify exposure, engineer process improvements, design controls to reduce Sensitive Data exposure
• Functional knowledge and experience with both cloud-based and internally deployed Data Loss Prevention (DLP) and Information Protection solutions to enforce proper handling of classified Data and restrict transfer to only authorized repositories
• Operate with strong integrity with the ability to handle projects of a sensitive and confidential nature
• Proficiency in necessary productivity tools (such as Microsoft Excel and PowerPoint) for analytics and presentations
• Experience interpreting Data-related Laws and Regulations to identify Privacy, Protection, and Auditability requirements and an understanding of trends to ensure effectiveness and compliance with any relevant Regulations, Frameworks, and Standards such as NIST 800-171, NIST Cybersecurity Framework, CIS Critical Security Controls, HIPAA, PCI DSS, ITAR/EAR, and all applicable U.S. State-level Data Protection & Privacy Regulations ((CA, CO, CT, DE, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA, and any additional becoming active)
• Ability to respond to Major Incidents 24/7 including holidays and weekends
• Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems
• 6-8+ years of experience working in hands-on, functional Information Security roles
• Experience in leading Data Governance, Data Protection, or GRC Programs

• 2024 Best Places to Work – Crain’s Chicago Business, St. Louis Business Journal, Los Angeles Business Journal, and Phoenix Business Journal.
• Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!
• Discretionary Annual Bonus: Subject to company and individual performance.