Job Description:

Location: Location: Monterrey or Matamoros, Mexico

Applications from persons not living in Mexico will NOT be accepted.

The Data Protection Analyst is responsible for securing and monitoring all data accessed, transmitted and stored throughout the business and third parties. The Data Protection Analyst is involved throughout the entire data lifecycle, from inception through disposal, ensuring access to data is managed and maintained following rigorous security, engineering, and governance principles. The analyst works closely with business units and stakeholders to help with data access, ownership and enforcement of policies, rules, and safeguards. The analyst works closely with IT team members, information security operations, and third parties, and must be technically proficient with data protection technologies, including data loss prevention (DLP), cloud security, data classification, privacy, behavior analytics, encryption, and GRC.

The individual must collaborate with technical and non-technical teams to design, implement, and manage data protection processes that reduce risks from insider threats and data breaches. The role is expected to be knowledgeable about data storage and identity and access management, and adept at understanding security architecture with internal and hosted services. Continual assessment and validation of controls is required to ensure protection aligns with policies, procedures, and risk oversight. Analysts support senior management to help maintain a safe and secure enterprise technical operation. Additionally, analysts work closely with incident response and security operations center (SOC) personnel when events and suspected incidents surface.

Essential Job Duties

• Serve on a distributed security and technology team responsible for establishing and maintaining data protection technical controls.
• Align data protection policies and procedures with the corporate governance structure.
• Work closely with security leadership, teammates, and stakeholders to evaluate and implement data protection controls that align with organizational risk posture and compliance requirements.
• Support and maintain a wide range of data protection technologies, including but not limited to DLP, behavioral analytics, insider threat, data classification, data governance, and encryption.
• Secure and monitor data on-premises, in cloud infrastructure, and within applications required to support a geographically diverse workforce.
• Manage and test business rules protecting data, as well as the use and handling of data assets.
• Conduct data discovery to locate data at risk, as well as validate existing data storage has not been altered.
• Document data protection policies and exceptions, and periodically review with business units.
• Make recommendations for improvements to ensure least privilege to data and rigorous security practices, without negatively impacting end-user experience or leading to employees attempting to circumvent controls.
• Execute tactical requests supporting the strategic vision for rigorous and scalable data protection controls.
• Maintain understanding of business processes to aid in managing enterprise data protection.
• Frequently interact with business units to understand their plans, risk posture and tolerance, and how to share responsibility and support their vision and business obligations securely.
• Implement data protection projects from inception to completion on time and within budget.
• Openly support the organization, management team, and executive leadership team, even during times of adversity.
• Analyze systems and data sources for accidental, malicious, and unauthorized activities.
• Develop relationships with engineering, IT, incident response, SOC, and software engineering team members.

Skills and Experience

• Preferably 3-5+ years experience in security systems administration, with 2+ years technical hands-on data protection practitioner experience.
• Familiarity with administering directory services, databases, role-based access, DLP, data classification, and governance solutions.
• Ideally familiar with relevant regulatory requirements and laws, such as Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following is required: ISO 17799, ITIL, NIST Cybersecurity Framework (CSF).
• Preferably some basic experience with one or more scripting languages (e.g., Python, PowerShell, etc.).
• Track record of taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Strong written and oral communication skills across varying levels of the organization.
• Understanding of data protection principles and control frameworks.
• Organized with the ability to prioritize and complete tasks within defined SLAs.
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• High degree of integrity, trustworthiness, and confidence; represents the company and its management team with the highest level of professionalism.

Education Requirements

• Bachelors degree or equivalent industry experience in information assurance, computer science, engineering, or related field.

Certification Requirements

• CISSP, CIPP, CISA, CRISC, CDPSE, GSEC, or other security certifications preferable but not required.

Salary Package:
MX$ 40,000.00 - 50,000.00 (Mexican Peso)