Job Description
The Business Risk & Control – Data Loss Prevention team is a 1st Line of Defense (LoD) focused on Information Security. Liaison between Information Security Office, IT Security and the Business Control Teams to be in line with the Information Security Framework.
Responsibilities:
As a member of the BRC/DLP team a key focus for the individual will be monitoring external electronic communication, provide consolidated DLP Event Reporting, Incident management – identification, review, escalation and resolution of DLP events, update/revise classification and DLP rules/policies working with the Business/Control Teams. Focused on Data Protection which includes awareness/training, data classification, secure email, and scanning to identify information security gaps in unstructured data.
Day to day triage of Data Protection solution generated reporting and/or centralized incident logs
Performing ongoing tracking of alerts for individuals (repeat offenders, anomalies, issue severity, significance etc.)
Performing research to sort through false positives
Email Forensic Monitoring to detect a violation of policy.
Collects findings, identifies root cause, and proposes long‐term solutions which support business processes
Provide input on the maintenance and design of DLP rules
Escalate incidents/alerts to Business Unit/Team Leads when necessary.
Perform incident response tracking and reporting; incident closures following resolution
Contribute to the KPI/KRI Reporting for Risk Committees or other governance activities
Suggest improvements of Data Protection awareness campaigns and training sessions for various employee profiles
Skills:
Industry Background: Corporate Banking/Capital Markets – Financial Services
Years of Experience: 2-3 years in related field; Analyst
Relevant Risk / Functional Experience: Information Security, Data Protection/Loss Prevention, Incident Alert Reporting/Processing, Case Management, Root Cause Analysis, working within SLA timeframes, Executive Management Reporting and Collaboration, Experience with Electronic Investigation, Forensic Tools and Methodologies, Log Correlation.
Behavioral Competencies: Complex workflow management; Strong interpersonal and communication skills, Ability to handle highly sensitive information in a very professional and confidential manner, and with the highest integrity; Problem solver; Possesses strong organizational and analytical skills; Team player; Self‐motivated and willing to adapt to an evolving work environment; Fosters cooperation, communication and commitment among groups and teams
DLP tools – accustomed to one or more DLP tools such as Microsoft DLP, Symantec, Netskope, Global Relay, Archer, and/or Titus classification tool. Proficiency in MS Word, Excel, and PowerPoint
Certifications: CISM, CISSP, CISA, CIA – Preferred