Vice President - Data Loss Prevention
Job Description The VP - Cybersecurity Data Loss Prevention will assume leadership of the teams responsible for executing projects and day to day tasks associated with DLP and User Behavior Analytics (UBA). This includes liaising with business stakeholders, identifying data loss use cases, iterating through DLP solutions, leading implementation efforts by the DLP team as well as the strategy and evolution of DLP processes and technologies. The successful candidate will have a strong background in the area of Data Loss Prevention, DLP risks, DLP technical controls, DLP technologies, security best practices standards (ISO, NIST, COBIT), and audit and regulatory frameworks. Strong documentation skills are also crucial to successful process and project delivery.
The individual will be required to work closely with other members of the Information Risk and Cybersecurity team to set objectives for the DLP and UBA program. The individual will be responsible for successfully meeting DLP and UBA objectives, as well as operationalizing the DLP program and working with key business stakeholders throughout this process. Functional Responsibilities
- Demonstrate ownership of the Data Loss Prevention program and its associated projects and technologies.
- Lead the team responsible for implementing DLP technologies and controls. Provide oversight and guidance for during implementation and development.
- Build and lead a team responsible for responding to DLP alerts and incidents.
- Liaise with senior business stakeholders and provide oversight and guidance during sensitive DLP investigations.
- Think with a security mindset while successfully analyzing business risk and remediation effort, to prioritize efforts and projects.
- Own information security decisions and project deliverables related to the DLP program. Ensure solutions adhere to information security policies and that DLP controls are embedded in all new technology initiatives at Moody's.
- Manage the successful delivery of Information Security Projects and services for business stakeholders and Moody's IT executives.
- Provide oversight and guidance during implementation and deployment of User Behavior Analytics solution at Moody's as part of the DLP program.
- Liaise with business stakeholders an identify DLP gaps and solutions for current and future business processes.
- Create and deliver meaningful presentations and reports on project goals and status, tailored to different audiences.
- Partner with other leaders and business project sponsors to build consensus on project requirements, expected timelines, and service delivery goals as well as report on status and key project risks.
- Act as a backup to other senior department leaders as needed.
Minimum education and work experience required for this position include:
- Minimum 10-15 years of experience in IT industry, preferably in a financial services or consulting organization.
- Minimum 8 years of experience in progressively more senior Information Security roles.
- Strong writing and communication skills. Ability to create and maintain accurate and detailed guidelines and procedures.
- Demonstrated expertise in his/her skill area. Member of industry groups and forums, and able to create and give presentations on the subject.
- Hands-on experience with Data Loss Prevention technologies and capabilities such as Symantec DLP, Microsoft O365 DLP, Ironport DLP, Cloud Access Security Brokers (CASB), etc.
- Firsthand experience with UBA tools such as Securonix, Exabeam, Splunk UBA, etc. is a plus.
- Firsthand experience working with response teams for security/DLP investigations is a plus.
- Familiarity with Help Desk ticketing tools such as ServiceNow.
- Ability to interact directly with customers that do not have an IT background including key business stakeholders and clients.
- BS or BA degree, preferably in technology/business or equivalent.
- Relevant certifications such as CISSP, CISM, ITIL or PMP are a plus
- Thinking with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice areas: data loss prevention; security analytics; application security; audit and regulatory; security operations.
- Ability to maintain a high performing, motivated team, and adapt direction to accommodate changes in priorities.
- Process driven approach to managing security controls and customer touchpoints.
- Knowledge of and experience with current and emerging data loss prevention tools and methodologies including Symantec DLP, Microsoft o365 DLP, etc.
- Knowledge of how the DLP landscape has changed in the last number of years and a vision for how it may evolve over time.
- Strong knowledge of data loss prevention controls.
- Strong knowledge of data loss prevention response procedures and protocols.
- Off shore vendor management.
- Strong knowledge of regulatory standards that govern Information Security practices such as SOX, PCI, and state and federal privacy laws.
- Strong knowledge of best practice standards that govern Information Security such as ISO, NIST and SANS.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Strong presentation skills involving large and of varying IT background audiences
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
- Proven ability to lead projects and initiatives within schedule and budget
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.