Information Protection Job Description
Information protection
provides subject Matter Expert (SME) support for development and review of security configuration standards for operating systems, networking devices, application development, user access controls, and Industry Regulatory compliance requirements.
Information Protection Duties & Responsibilities
To write an effective information protection job description, begin by listing detailed duties, responsibilities and expectations. We have included information protection job description templates that you can modify and use.
Sample responsibilities for this position include:
Develop policies and procedures to comply with applicable laws and regulations while meeting expectations supporting data privacy, confidentiality, examining cross border data flows and protecting intellectual capital
Maintain knowledge of the changing regulatory requirements that impact information protection including but not limited to HIPAA, HITECH, and PCI
Perform and regularly update risk assessments of member firms and track potential issues for further investigation
Facilitate the firm-wide information security and privacy internal audit program, helping ensure timely submission, tracking of issues, and facilitating remediation efforts
Management of remediation tracking efforts for security and privacy related assessments, escalation of issues when appropriate, and validation that plans are implemented in a timely and effective manner
Work with various members of the Information Protection Group to help ensure that the controls catalog is updated to reflect current risks
Work with others in the Information Protection Group on ongoing or new information risk activities, as the need arises
Duties Will be responsible for driving Automation Opportunities within Cigna Information Protection beginning with the Public Key Infrastructure (PKI)
Evaluates security products and tools for enterprise implementation and develops technical security configurations
Directs the development of techniques and procedures for conducting IP security risk assessments and compliance audits, the evaluation and testing of hardware, firmware, and software for possible impact on system security, and the investigation and resolution of security incidents
Information Protection Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Protection
List any licenses or certifications required by the position: CISSP, CEH, CISM, GCFW, GSEC, GIAC, CIPP, CISA, CPT, PMP
Education for Information Protection
Typically a job would require a certain level of education.
Employers hiring for the information protection job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Computer Science, Education, Information Technology, Technical, Business, Engineering, Information Security, Cyber Security, Management, Information Systems
Skills for Information Protection
Desired skills for information protection include:
Networking fundamentals and common attacks
Windows and *nix-based operating systems
Agile development methodologies
Generally accepted Information Security controls
Policies and procedures
Microsoft Office
Industry standards and techniques in development and testing
Archive
HIPAA
Retrieve digital files
Desired experience for information protection includes:
Ability to configure/use HSMs and Key Management tools (e.g., Luna/Safenet, RSA)
Experience with certificate creation on Windows and Linux systems using various tools (e.g., keytool, openssl, certutil and MMC snap-in) and for various type certs (client and server auth, code signing)
Served in leadership position on PNNL committees or improvement groups
Experienced professional with complete understanding and wide application of technical principles, theories, and concepts in the protection of classified matter
Managed projects of limited scope
Interacted with senior internal and external personnel
Information Protection Examples
1
Information Protection Job Description
Job Description Example
Our company is looking for an information protection. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information protection
- Collaborate and provide guidance on information protection matters
- Work with regulators and internal business leadership to maintain internal and external information protection requirements
- Provide advice and recommendations regarding information protection controls to IT projects throughout the lifecycle, including management of the risk assessment methodology and documentation
- Perform privacy compliance reviews, provide privacy advice on third party contracts and completion of 2010 model clauses
- Working with the leadership team to support business development opportunities
- Taking an active role in developing the privacy practice through various means such as eminence, article writing, proposition and service development
- Prepare, review, and maintain Information Protection Program’s manageable work efforts
- With oversight from Information Protection Leadership, collaborate with subject matter experts to identify best practices and develop strategies to implement across divisions and facilities to drive maturity and standardization
- Conduct high level analysis of evidence and related data to identify areas of opportunity to mature Information Protection program and processes across the enterprise
- Plan, organize, and co-lead conference calls, targeted training, Q&A sessions, and coaching sessions as needed
Qualifications for information protection
- Proven ability to build relationships and to influence individuals at all levels in the organization, with external vendors and service providers
- Current Secret clearance (investigated within the last 5 years) - US Citizenship Required - Applicants MUST include their Security Clearance Level, Investigation Type and Investigation Date clearly on their resume
- Creative thinker, always looking for a “better way” to deliver value
- Minimum of 5 years' experience in IT or Information Security
- Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards
- Minimum six years of progressive global data protection and information management strategy experience
2
Information Protection Job Description
Job Description Example
Our company is hiring for an information protection. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information protection
- Create and maintain dashboards, scorecards, and/or reports to be presented to CISO, IP Leadership, and other company leaders on the status of initiatives and overall IP Programs
- Establish and manage partnerships and relationships with business leaders at all levels of the company
- Prepare and/or ensure high quality, professional deliverables such as toolkits and supporting materials to enable divisions and facilities to accelerate their Information Protection programs
- Perform other related duties as assigned to support the Information Protection department
- Maintain knowledge of information protection concepts, tools, and industry trends by participating in appropriate educational opportunities
- Design, develop and maintain Cyber security program across IT and the enterprise
- Managing the enterprise Information Protection (IP) community program awareness, communications and learning program across all lines of business which includes over 100 participants globally
- Leading benchmarking strategy and execution for the enterprise which includes identifying appropriate industry relevant frameworks, internal and external assessment against frameworks, reporting of findings and integration of findings into the IP roadmap
- Accountability for information protection business operations (finances and resource/demand management) and interfaces with IT business and portfolio management
- Maintaining holistic portfolio management for all Information Protection projects including both portfolio projects and baseline/enhancements
Qualifications for information protection
- Experience in privacy intra-group agreements, completion of EU model clauses and knowledge of international data protection frameworks
- Experience implementing binding corporate rules preferred
- Hold a valid passport with the ability to travel periodically on global business assignments
- Working with end-users to define work flows and integrate business processes and technology into effective business solutions
- Mentoring other project managers in program and project management
- Experience in managing technology projects with a strong focus on information security is preferred
3
Information Protection Job Description
Job Description Example
Our company is hiring for an information protection. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information protection
- Assimilating the Advanced Cyber Threat (ACT) program into the integrated Information Protection portfolio
- Central point to interface with Enterprise Risk Management, Corporate Audit, Privacy and Legal
- Structure delivery measurements to business objectives
- Establishing and managing end to end communication plan that encompasses project delivery status internal and external program communications
- Builds and maintains strong, effective working relationships with business owners, IT&S leadership, and other stakeholders involved with information security and privacy initiatives
- Gather business and technical requirements assisting with business and technical design/architecture
- Forge strong partnerships with your specific planning and process teams, to proactively review business strategies and complete risk-based data protection reviews at the optimal time in the change cycle
- Internal Customer Care
- Responsible for the annual Information Security Policy and Standard lifecycle including creation and updates
- Responsible for strategic direction, thought leadership to safeguard system integrity and protect information from accidental or unauthorized modification or disclosure
Qualifications for information protection
- Strong contributor
- Develop and manage the GLBA compliance program governance framework
- Carry out monthly GLBA governance meetings with senior business line risk management and second line of defense functions
- Establish reporting routines, assess the sufficiency of existing GLBA and information risk related reports and drive improvements, where necessary
- Annually develop and publish the GLBA report to the Board of Directors
- Prepare and maintain ongoing evidence of GLBA compliance and assist in internal and external examinations of the customer information protection program
4
Information Protection Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of information protection. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information protection
- Ensures modern trends in security (threats, technologies) are considered in developing security architecture requirements and recommendations
- Advances the enterprise security architecture practice, security policies and security standards to enhance operational practices
- Third Party Assessments
- Provide operational support and administration of Information Protection solutions, with a primary focus on endpoint protection for Red Cross end-user devices, servers, and applications
- Day-to-day operational support of endpoint protection solutions, including the McAfee ePolicy Orchestrator (ePO) environment, ensuring data integrity, security, availability, and optimal performance
- Provide maintenance for McAfee ePolicy Orchestrator managed products to maintain compliance, including DAT files, patch updates and upgrades
- Plan and perform upgrades to infrastructure
- Build and maintain vendor relationships with security vendor representatives
- Support IT Major Incident Management during emergency events
- Provide compliance reports as needed
Qualifications for information protection
- Compliance or regulatory program development or management experience
- Experience collaboration and communicating with senior business leadership
- Current Secret clearance - US Citizenship Required - (must have been investigated within the last 5 years)
- Building, documenting, updating, planning, and testing endpoint security controls (anti-virus, encryption, file integrity monitoring, data loss prevention)
- AA or AS degree in Computer Science, Information Systems, Cyber Security or related field
- 5 years in information security engineering, or operations
5
Information Protection Job Description
Job Description Example
Our innovative and growing company is looking for an information protection. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information protection
- Conduct and mitigate risk assessments and investigations
- Design new Secure Mail solutions and integrate with externally facing applications
- Design and build new Cloud based Global Server Load Balancing (GSLP) solution
- Maintain operational policy routing decisions for ingress/egress mail
- Maintain operational availability of all email security tools
- Responsible for the research, evaluation, recommendation and administration of internet perimeter messaging systems and subcomponents
- Identifies security risks and potential issues with the global messaging sanitization and routing service and quickly mitigates current and future issues
- Manage complex message filtering logic and provide reporting and metrics around filter effectiveness to management
- Engineer Portal based secure mail solutions involving TLS fallback SAML 2.0 integration
- Provide virus, malware and message header analysis to incident response and data loss teams
Qualifications for information protection
- Endpoint Security Experience (AntiVirus, Disk Encryption, Intrusion Prevention, Data Loss Prevention, Removable Media Control)
- Understanding of Microsoft Windows and Active Directory
- Independent, yet collaborative
- Understanding of technical controls and application used to mitigate risks (IDS/IPS, Firewall, Encryption, Server Hardening, Monitoring, Whitelisting)
- 2-5 years of experience in multiple compliance or information security rolls required
- Relevant management experience in a global or Fortune 500 organization preferred