Data Loss Prevention Program Specialist

Headquartered in Houston, Texas, Motiva refines, distributes and markets petroleum products throughout the Americas. The company's Port Arthur Manufacturing Complex in Port Arthur, TX, is comprised of North America's largest refinery with a total throughput of 720,000 barrels per day, the world's second largest lubricants plant, and an integrated chemical plant. Under exclusive long-term brand licenses with Shell and Phillips 66 (for the 76® brand), Motiva's commercial operations supply more than 12 billion gallons of fuel to customers annually. Motiva is wholly owned by Aramco, one of the world's largest integrated energy and chemicals companies.
Position Overview:
We are seeking a highly skilled and motivated Data Loss Prevention Program Specialist to join our team Reporting directly to the Manager of Digital Security Operations within the Digital Security Team, this role holds significant responsibility in safeguarding our organization's assets. In this role, you will be responsible for developing, implementing, and overseeing strategies and technologies aimed at preventing Data Loss within our organization. Working closely with cross-functional teams, you will identify, analyze, and mitigate potential risks to sensitive data, playing a pivotal role in achieving our mission to ensure the security, integrity, and confidentiality of Motiva Enterprise's systems and data.
Responsibilities:

• Develop and implement comprehensive Data Loss Prevention (DLP) strategies and policies to safeguard sensitive information across the organization.
  
• Investigate insider behaviors and provide key input to drive insider threat and DLP strategies effectively.
  
• Monitor and analyze network traffic, user behavior, and data movement to proactively identify potential insider threats and security breaches.
  
• Collaborate closely with IT, security, and legal teams to investigate and respond promptly to security incidents and insider threats.
  

• Conduct regular risk assessments and security audits to identify vulnerabilities and gaps in data protection measures, ensuring continuous improvement.
  
• Manage and optimize rules and policies related to CASB, email DLP, and USB protections to enhance data security effectiveness.
  
• Stay abreast of the latest security threats, vulnerabilities, and best practices in Data Loss Prevention and insider threat detection, integrating new knowledge into existing strategies.
  
• Identify potential security risks through comprehensive risk assessments, analyze their impact, and develop robust mitigation strategies to address them.
  
• Conduct security audits and assessments of cloud-based systems regularly to ensure compliance with security policies, standards, and industry regulations.
  
• Lead incident response and management efforts by developing and maintaining an incident response plan and procedures, coordinating investigations, and minimizing the impact of security incidents.
  
• Provide expert security recommendations, advising on best practices, configurations, and enhancements to cloud infrastructure, applications, and services.
  
• Collaborate with cross-functional teams, including IT, development, and business units, to evaluate security risks, develop remediation plans, and ensure secure deployment and configuration of cloud resources.
  
• Develop and deliver security awareness training and educational materials to foster a culture of security best practices among employees.
  
• Maintain comprehensive incident reporting and documentation, analyzing root causes of security incidents, preparing detailed reports, and making recommendations for improvement based on lessons learned.
  

Experience and Qualifications Required:
Basic Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
  
• Minimum of 5 years of previous experience in a similar role, with specific expertise in securing cloud environments. Proven track record in Data Loss Prevention, insider threat detection, and security incident response.
  
• Proficiency in DLP technologies, network security, encryption, and data classification.
  
• Comprehensive understanding of regulatory requirements and industry standards related to data protection and privacy (e.g., GDPR, HIPAA, PCI DSS).
  
• Familiarity with security frameworks (e.g., NIST, CIS), industry regulations (e.g., GDPR, HIPAA), and compliance requirements.
  
• Knowledge of security incident response, threat intelligence, and security monitoring tools.
  
• Excellent analytical and problem-solving skills, with the ability to interpret complex data and identify anomalous behavior.
  
• Strong communication and interpersonal skills, enabling effective collaboration with diverse stakeholders and clear articulation of security concepts to both technical and non-technical audiences.
  
• Proficiency in data analytics and reporting.
  
• Strong technical documentation and reporting skills.
  
• Proven ability to effectively manage assigned security initiatives.
  
• Experience in Microsoft Suite products i.e., Excel, Word, PowerPoint, etc.
  

Preferred Qualifications:

• A Master's degree
  
• Relevant certifications in cybersecurity, such as Certified in Risk and Information Systems Control(CRISC), Certified Information Privacy Professional (CIPP), GIAC Certified Forensic Examiner (GCFE) or Certified Data Protection Officer, are highly desirable.
  
• Experience reviewing tuning detections to reduce false positives and detection creation
  
• Understanding of understanding of SOC (Security Operations Center) and SIEM (Security Information and Event Management)and process automation
  
• Ability to script in python and/or PowerShell
  
• Experience leveraging APIs and scripting for integration and automation
  
• Strong collaborative instincts
  
• Familiarity with Incident Response and the ATT&CK framework
  

We reserve the right to amend or withdraw Motiva jobs at any time, including prior to the closing date. Depending on qualifications, the successful candidate may be offered a position at a more appropriate level and/or grade.
Applicants for regular U.S. positions must be authorized to work in the United States for Motiva Enterprises LLC without the need for sponsorship of an immigration authorization or visa (for example, TN, H-1B, or other employment-based immigration authorization or visa).
Motiva participates in E-Verify.
All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information, or other protected status under federal, state, or local laws.