Cyber Security Analyst, Data Protection

As a Cyber Security Analyst Lead for Data Protection, you will support, in a lead role, the Cyber Security Team's efforts to safeguard the confidentiality, integrity, and availability of data within the AES enterprise. Your role involves supporting the team’s objective of mitigating the risks of data loss and insider threats. You will guide the team in implementing and enforcing data protection policies, standards, and best practices, while also fostering a culture of security awareness. Your expertise in cybersecurity and data protection will be pivotal in maintaining AES’s data security posture. Responsibilities:

• Provide technical leadership for detection and response workflows by triaging data protection events, validating true positives, conducting root cause analysis, and driving containment and remediation actions with stakeholders.
• Maintain and refine processes and procedures for effective data protection, including incident response plans and data classification schemes.
• Ensure comprehensive documentation of data protection measures, procedures, metrics, and training materials is maintained and regularly updated.
• Drive data protection awareness and education programs across the organization to promote a secure data handling culture.
• Collaborate with cross-functional teams to align data protection strategies with organizational goals and regulatory requirements.
• Support the evaluation of emerging data protection technologies and best practices to enhance the organization’s security infrastructure.
• Oversee the development and implementation of data governance frameworks to ensure compliance with data protection standards, laws, and regulations.
• Support the maintenance of data protection dashboards and reports by defining metrics and data requirements and integrating relevant telemetry to ensure data quality and consistency.
• Conduct regular reviews of data access controls and policies to align with enterprise standards and regulations.
• Facilitate cross-departmental collaboration to ensure data quality and consistency across the organization.
• Support the creation and standardization of data protection processes to prevent, detect, and respond to potential data breaches.
• Develop and maintain training programs and procedures to ensure AES people are knowledgeable in data protection best practices.
• Implement continuous improvement practices to enhance data protection measures and adapt to evolving threats.
• Monitor and support reporting on the effectiveness of data protection strategies to senior management and stakeholders.
• Provide guidance on data protection impact assessments for new projects or technologies.
• Support the response to data protection incidents, ensuring timely reporting and resolution in accordance with SLAs and legal and regulatory obligations.
• Establish and enforce data governance policies to manage enterprise data effectively.

Required Skills:

• Minimum of 4 years of experience working within a security organization, ideally with a focus on process and governance oversight.
• A candidate must possess an analytical mindset to support the continuous optimization of Data Loss Prevention (DLP) and Insider Threat processes and procedures through automation and other optimization techniques.
• Proven experience in leading cybersecurity initiatives.
• Knowledge of SIEM/SOAR technologies, Microsoft security tools, and enterprise proxy solutions for DLP and insider risk management.
• Understanding of data protection laws and regulations, such as GDPR, CCPA, etc.
• Exceptional communication skills, capable of effectively engaging with both technical and non-technical audiences on data protection issues.
• Knowledge of data lifecycle management, data classification, and data governance principles and practices.
• Strong organizational skills, with the ability to manage and take ownership of multiple priorities in a dynamic environment.
• Candidate must have experience as an analyst on an Insider Threat, Security Operation Center (SOC), or Incident Response (IR) team

Desired Skills:

• Advanced certifications in data protection, privacy, or security domains, such as CIPP/E, CIPT, CIPM, CISM, CISSP, etc.
• Comprehensive knowledge of data protection regulations and frameworks (GDPR, CCPA, NIST, ISO 27001, etc.).
• Ability to coordinate data protection assessments and audits.
• Exceptional analytical and problem-solving abilities.
• Proven track record of successful collaboration with cross-functional teams and executive stakeholders.
• Basic understanding of operational technology environments.