Outcomes and Activities:

• This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member
• Define and Implement data security strategy and solutions aligning with information security program objectives, policies, procedures, and technical control requirements.
• Function as a subject matter expert in multiple service areas of data security and operations - Data Loss Prevention (DLP), data minimization, data discovery, cloud data protection, Privileged Access Management (PAM), data privacy, data classification and rights management, key and certificate management, data encryption, data access governance, etc.
• Define and Implement data classification strategy, policy, procedures and related tools.
• Work closely with business leaders to review and understand data security, compliance, and privacy requirements for new and in-flight projects and initiatives, with the ability to articulate the impacts clearly and concisely, while recommending solutions and offering practical suggestions as to remediation activities.
• Lead the technical configuration, implementation, administration, management and support of multiple data security products and solutions such as CASB, SASE, DLP, DSPM etc.
• Define key performance indicators (KPIs) and key risk indicators (KRIs) for data governance and protection controls.
• Gather metrics and report updates to the key business leaders.
• Develop use cases, scenarios, requirements in support of integrations with other platforms.
• Identify and document all data processing activities and data flows within the organization
• Create and update data protection policies, privacy notices, consent forms, and other related documents in collaboration with the legal department
• Conduct DPIAs for new projects or changes in data processing that may impact data subject's privacy.
• Conduct periodic audits to assess and maintain data security compliance

Competencies: The following items detail how you will be successful in this role.

• Impact Analysis: Understand the rationale behind and how changes impact the enterprise and/or applications and across the technical ecosystem.
• Solution Design: Translate high level requirements to create and implement designs that meet the needs of the customer, technically sound, maintainable and cost effective. Ability to identify missing or ambiguous requirements. Ability to design at both high and low levels of abstraction, understand complex requirements and translate into understandable solutions. Ability to accurately estimate based on requirements.

Requirements:

• Bachelor's degree in Computer Science, Information Systems, or closely related field of study or equivalent experience.
• Minimum 10 years of experience in the Information Security field
• Minimum 5 years of hands on experience with data security, data protection, privacy and data governance initiatives.
• Experience developing and executing data security strategies.
• Experience performing critical systems reviews to assess security implications and requirements for introduction of controls and/or technologies.
• Experience deploying and data security tools to address threats and lower risk:
• Must have hands-on experience with CASB or DLP solutions.
• Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
• Knowledge of PAM, RBAC, authentication & authorization solutions, etc.
• Working knowledge of cloud security CSPM or DSPM solutions
• Familiarity with industry compliances such as SOX, GLBA, NY DFS 500, or ISO 27001
• Working knowledge of CIS, CSA, and NIST Frameworks and best practices.
• Demonstrated ability to collaborate with other teams to achieve complex objectives.

Preferred Experience:

• Knowledge and/or proven record of successfully managing technology implementation projects for at least two (2) of the following :
• Data Loss Prevention (Symantec DLP, McAfee DLP, Forcepoint DLP etc.)
• Privileged Access Management (Beyondtrust, CyberArk, Delinea etc.)
• Cloud Access Security Broker (McAfee Skyhigh, Netskope CASB, Zscaler, etc.)
• Web Security (Netskope SWG, Zscaler, Forcepoint Proxy, Broadcom WSS etc.)
• Data Retention and Destruction (Symantec Network Discovery, Office365 Security Compliance Center, Varonis etc.)
• Data Classification and Rights Management (Microsoft AIP, Boldon James, Titus etc.)
• Data Access Governance
• Data Encryption and Code Signing
• Data Privacy (BigID, OneTrust etc.)

Knowledge and Skills:

• Bring a strong understanding of relevant and emerging technologies, provide input and coach team members and embed learning and innovation in the day-to-day
• Ability to foster strong relationships across the organization
• Experience and understanding of how to connect the work being done and how it drives business value
• Ability to communicate complex technical information (both verbal and written) to all levels, including senior leadership

Targeted Total Compensation: $187,000 - $313,750. Total compensation is comprised of a competitive base salary and an annual variable compensation package.

INDENGHP

#zip

#LI-Remote

Benefits

• Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/ dental/vision and many nonstandard benefits that make us a Great Place to Work

Our Company Values:

To be successful in this role, Team Members need to be:

• Positive by maintaining resiliency and focusing on solutions
• Respectful by collaborating and actively listening
• Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
• Direct by effectively communicating and conveying courage
• Earnest by taking accountability, applying feedback and effectively planning and priority setting

Expectations:

• Remain compliant with our policies processes and legal guidelines
• All other duties as assigned
• Attendance as required by department

Advice!

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term. If you are actively looking or starting to explore new opportunities, send us your application!

P.S.

We have great details around our stats, success, history and more. We're proud of our culture and are happy to share why - let's talk!

California Residents: Please click for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.

Play the video below to learn more about our Company culture.