Senior Data Security Engineer

CNA Insurance is dedicated to fostering a culture where employees feel valued and empowered. The Senior Data Security Engineer will become a Subject Matter Expert in data classification and remediation, focusing on enhancing data loss prevention and protection strategies to mitigate risks associated with sensitive information.

Responsibilities:

• Provides technical expertise and support to client, IT management and staff in risk assessments, implementation and operational aspects of appropriate information security procedures and products
• Participates in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications)
• Tests and implements appropriate security methods and control techniques such as data access rules tables, data containerization, data encryption, data backup and recovery
• Partners with different teams in the organization to accomplish tasks
• Drive projects as an individual contributor and oversee MSPs leveraged
• Understand the OSI model of networking, Data Loss Prevention and Data Classifications from a technical perspective
• Acts as liaison to product groups and assists them in implementation of data privacy, information security technologies, and application security
• Comprehend regulatory compliance requirements related to data
• Develop and manage data classification schemes, ensuring accurate labeling and the application of sensitivity labels to protect sensitive information
• Create data discovery and labeling schemes and perform remediation tasks related to user access to sensitive data
• Collaborate with DLP teams to prevent data exfiltration, configure systems to detect sensitive data and trigger appropriate actions, and regularly review policies for effectiveness and alignment with evolving requirements
• Maintains an awareness of existing and proposed security standard setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes

Requirements:

• Experience in extracting, analyzing, manipulating, and organizing large amounts of data from disparate sources using various investigative tools
• Drive Data Loss Prevention (DLP) rule development lifecycle including policy development, response rules, and maintenance
• Conduct research to improve accuracy across systems and minimize false positives through use of technology and data analytics
• Experience in implementing and managing various data security platforms, systems, applications to deploy appropriate technical controls
• Ability to communicate complex findings in meaningful, easy-to-understand formats, including written summaries, visualizations, and presentations
• Develop and maintain a deep understanding of the company's most valuable intellectual property to proactively identify and investigate potential risks
• Demonstrated ability to maintain confidentiality of sensitive data and information
• Stay updated with the latest industry trends and best practices in data security
• Bachelor's degree in Computer Science, or related discipline, or equivalent work experience
• Typically a minimum of seven years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination
• Familiarity with Microsoft Purview and Securiti.ai (training will be provided if necessary)
• Experience with structured and unstructured data connectors, data classification, and regex adjustments to identify risks
• Experience with data protection and security operations through use of DLP tools and Data Classification technologies
• Microsoft Purview
• Microsoft CoPilot
• BigID
• Securiti.AI
• Varonis
• SkyHigh
• Forcepoint
• Blue Coat
• Proofpoint
• Netskope