Information Protection Job Description
Information Protection Duties & Responsibilities
To write an effective information protection job description, begin by listing detailed duties, responsibilities and expectations. We have included information protection job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Protection Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Protection
List any licenses or certifications required by the position: CISSP, CEH, CISM, GCFW, GSEC, GIAC, CIPP, CISA, CPT, PMP
Education for Information Protection
Typically a job would require a certain level of education.
Employers hiring for the information protection job most commonly prefer that their future employee have a relevant degree, such as Bachelor's and College Degree in Computer Science, Education, Information Technology, Technical, Business, Engineering, Information Security, Cyber Security, Management, Information Systems.
Skills for Information Protection
Desired skills for information protection include:
Desired experience for information protection includes:
Information Protection Examples
Information Protection Job Description
- Collaborate and provide guidance on information protection matters
- Work with regulators and internal business leadership to maintain internal and external information protection requirements
- Provide advice and recommendations regarding information protection controls to IT projects throughout the lifecycle, including management of the risk assessment methodology and documentation
- Perform privacy compliance reviews, provide privacy advice on third party contracts and completion of 2010 model clauses
- Working with the leadership team to support business development opportunities
- Taking an active role in developing the privacy practice through various means such as eminence, article writing, proposition and service development
- Prepare, review, and maintain Information Protection Program’s manageable work efforts
- With oversight from Information Protection Leadership, collaborate with subject matter experts to identify best practices and develop strategies to implement across divisions and facilities to drive maturity and standardization
- Conduct high level analysis of evidence and related data to identify areas of opportunity to mature Information Protection program and processes across the enterprise
- Plan, organize, and co-lead conference calls, targeted training, Q&A sessions, and coaching sessions as needed
- Proven ability to build relationships and to influence individuals at all levels in the organization, with external vendors and service providers
- Current Secret clearance (investigated within the last 5 years) - US Citizenship Required - Applicants MUST include their Security Clearance Level, Investigation Type and Investigation Date clearly on their resume
- Creative thinker, always looking for a “better way” to deliver value
- Minimum of 5 years' experience in IT or Information Security
- Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards
- Minimum six years of progressive global data protection and information management strategy experience
Information Protection Job Description
- Create and maintain dashboards, scorecards, and/or reports to be presented to CISO, IP Leadership, and other company leaders on the status of initiatives and overall IP Programs
- Establish and manage partnerships and relationships with business leaders at all levels of the company
- Prepare and/or ensure high quality, professional deliverables such as toolkits and supporting materials to enable divisions and facilities to accelerate their Information Protection programs
- Perform other related duties as assigned to support the Information Protection department
- Maintain knowledge of information protection concepts, tools, and industry trends by participating in appropriate educational opportunities
- Design, develop and maintain Cyber security program across IT and the enterprise
- Managing the enterprise Information Protection (IP) community program awareness, communications and learning program across all lines of business which includes over 100 participants globally
- Leading benchmarking strategy and execution for the enterprise which includes identifying appropriate industry relevant frameworks, internal and external assessment against frameworks, reporting of findings and integration of findings into the IP roadmap
- Accountability for information protection business operations (finances and resource/demand management) and interfaces with IT business and portfolio management
- Maintaining holistic portfolio management for all Information Protection projects including both portfolio projects and baseline/enhancements
- Experience in privacy intra-group agreements, completion of EU model clauses and knowledge of international data protection frameworks
- Experience implementing binding corporate rules preferred
- Hold a valid passport with the ability to travel periodically on global business assignments
- Working with end-users to define work flows and integrate business processes and technology into effective business solutions
- Mentoring other project managers in program and project management
- Experience in managing technology projects with a strong focus on information security is preferred
Information Protection Job Description
- Assimilating the Advanced Cyber Threat (ACT) program into the integrated Information Protection portfolio
- Central point to interface with Enterprise Risk Management, Corporate Audit, Privacy and Legal
- Structure delivery measurements to business objectives
- Establishing and managing an end-to-end communication plan that encompasses project delivery status and internal and external program communications
- Builds and maintains strong, effective working relationships with business owners, IT&S leadership, and other stakeholders involved with information security and privacy initiatives
- Gather business and technical requirements assisting with business and technical design/architecture
- Forge strong partnerships with your specific planning and process teams, to proactively review business strategies and complete risk-based data protection reviews at the optimal time in the change cycle
- Internal Customer Care
- Responsible for the annual Information Security Policy and Standard lifecycle including creation and updates
- Responsible for strategic direction, thought leadership to safeguard system integrity and protect information from accidental or unauthorized modification or disclosure
- Strong contributor
- Develop and manage the GLBA compliance program governance framework
- Carry out monthly GLBA governance meetings with senior business line risk management and second line of defense functions
- Establish reporting routines, assess the sufficiency of existing GLBA and information risk related reports and drive improvements, where necessary
- Annually develop and publish the GLBA report to the Board of Directors
- Prepare and maintain ongoing evidence of GLBA compliance and assist in internal and external examinations of the customer information protection program
Information Protection Job Description
- Ensures modern trends in security (threats, technologies) are considered in developing security architecture requirements and recommendations
- Advances the enterprise security architecture practice, security policies and security standards to enhance operational practices
- Third Party Assessments
- Provide operational support and administration of Information Protection solutions, with a primary focus on endpoint protection for Red Cross end-user devices, servers, and applications
- Day-to-day operational support of endpoint protection solutions, including the McAfee ePolicy Orchestrator (ePO) environment, ensuring data integrity, security, availability, and optimal performance
- Provide maintenance for McAfee ePolicy Orchestrator managed products to maintain compliance, including DAT files, patch updates and upgrades
- Plan and perform upgrades to infrastructure
- Build and maintain vendor relationships with security vendor representatives
- Support IT Major Incident Management during emergency events
- Provide compliance reports as needed
- Compliance or regulatory program development or management experience
- Experience collaborating and communicating with senior business leadership
- Current Secret clearance - US Citizenship Required - (must have been investigated within the last 5 years)
- Building, documenting, updating, planning, and testing endpoint security controls (anti-virus, encryption, file integrity monitoring, data loss prevention)
- AA or AS degree in Computer Science, Information Systems, Cyber Security or related field
- 5 years in information security engineering or operations
Information Protection Job Description
- Conduct and mitigate risk assessments and investigations
- Design new Secure Mail solutions and integrate with externally facing applications
- Design and build new cloud-based Global Server Load Balancing (GSLB) solution
- Maintain operational policy routing decisions for ingress/egress mail
- Maintain operational availability of all email security tools
- Responsible for the research, evaluation, recommendation and administration of internet perimeter messaging systems and subcomponents
- Identifies security risks and potential issues with the global messaging sanitization and routing service and quickly mitigates current and future issues
- Manage complex message filtering logic and provide reporting and metrics around filter effectiveness to management
- Engineer portal-based secure mail solutions involving TLS fallback and SAML 2.0 integration
- Provide virus, malware and message header analysis to incident response and data loss teams
- Endpoint Security Experience (AntiVirus, Disk Encryption, Intrusion Prevention, Data Loss Prevention, Removable Media Control)
- Understanding of Microsoft Windows and Active Directory
- Independent, yet collaborative
- Understanding of technical controls and application used to mitigate risks (IDS/IPS, Firewall, Encryption, Server Hardening, Monitoring, Whitelisting)
- 2-5 years of experience in multiple compliance or information security roles required
- Relevant management experience in a global or Fortune 500 organization preferred