Director, Data Security & Insider Risk (DDSIR)

Director, Data Security & Insider Risk (DDSIR)

Job Description: The Director, Data Security & Insider Risk (DDSIR) position will lead the development and programmatic maturity in protecting the confidentiality, integrity, and availability of Huntington data and information assets. This leadership role is instrumental in addressing insider risk, leading data security investigations, driving regulatory readiness, ensuring effective data risk governance by interfacing with senior leadership, across business units, and collaborating with internal and external stakeholders. The success candidates will cultivating a proactive, highly-engaged, industry-leading team of cybersecurity professionals to drive business-focused outcomes.

Key Responsibilities:

Information Asset Protection:

• Data Loss Prevention: Consistent coverage of DLP solutions, use case development, controls, and optimization.
• Insider Risk/Insider Threat: Knowledge and practice managing Insider Risk and developing relevant, specific use cases. Understanding program maturity and stakeholder engagement and education.

Data Security Operations Maturity: Driving continuous improvement and operational excellence.

• Operations Management: Experience leading an highly effective team of analysts focused on colleague and contractor risk while maturing policies, threat hunting, and reducing alert fatigue.
• Investigations: Understanding and proven practice of data preservation, data collection, fact pattern analysis, objective reporting, and quality control tied to an investigative product.
• Incident Response: Developing and executing incident response plans to quickly and effectively address cyber and data security incidents in partnership with Cyber Incident Response, Privacy, Legal, Human Resources, etc.

Data Risk Management & Governance: Experience building and applying controls for sensitive data in a fast-paced environment where data is key to business enablement and growth.

• Regulatory Management: Experience with issues and findings management, action plan development, milestone resolution, leveraging effective industry practices.
• Policy Development: Creating and maintaining policies and procedures to ensure compliance with regulatory requirements

Cybersecurity Innovation:

• Business Risk Mitigation through Consultation: Understanding the utilization of security controls to assist in the protection of data while implementing safe and sound business practices.
• Emerging Technologies: Evaluating and integrating new technologies to enhance the organization's security posture

Leadership & Collaboration:

• Education and Outreach: Presentation and development of materials that are relatable to business partners and secure a strong working relationship and understanding of the risks and the need for controls.
• Team Development: Mentoring and developing team members to enhance their skills and knowledge in cybersecurity

Communications & Reporting:

• Executive Leadership Engagement: Frequent interaction with executive leadership on business partner relations, risk management, objectives and key results, operation metrics, goal planning, budget and fiscal responsibility, and team management.
• Security Metrics: Developing and tracking operational metrics, key performance indicators (KPI), and key risk indicators to various leadership and committees as identified.
• Cross-functional Engagement: Review and escalation of objective reporting through engagement of Human Resources, Legal, CIRT, Privacy and other stakeholders as identified.
• Compliance Reporting: Preparing and presenting reports on the organization's capabilities and posture to senior leadership and regulatory bodies.

Basic Qualifications:

• Bachelor’s degree.
• 10+ years of experience in Cybersecurity.
• 5 years experience in Cybersecurity Data Protection or Insider Risk
• 5 years experience leading a team of cybersecurity professionals

Preferred Qualifications:

• Master’s degree in a related field or equivalent.
• Industry-specific certifications and/or training not limited to CISSP, CEH, Security+, Cloud Platform (AWS, Azure, GCP), or equivalent.
• Proven track record in developing and executing large-scale cybersecurity programs that align with business and risk management objectives, ideally within financial services.
• Strong experience in cybersecurity governance, risk management, compliance, and policy development.
• Deep understanding of insider risk, regulations, innovation trends, and effective industry practices.
• Exceptional ability to drive clarity and build consensus.
• Strong leadership abilities with experience managing cross-functional teams and influencing senior leadership.
• Outstanding communication skills, including the ability to present complex concepts to non-technical stakeholders
• Strong knowledge of security technologies (DLP, SIEM, UEBA, DSPM, etc.) and frameworks (NIST, CRI, ISO, etc.).
• Frequent interaction with executive leadership on business partner relations, risk management, objectives and key results, operation metrics, goal planning, budget and fiscal responsibility, and team management.
• Clear communication skills and proven effective leadership experience that has resulted in team cohesiveness and advancement.
• Strong ability to balance strategic thinking with tactical execution.
• Collaborative mindset with the ability to work across functions and with external partners.
• Results-driven, with a commitment to continuous improvement and innovation in cybersecurity practices.
• Proven ability to thrive in a fast-paced, ever-changing threat landscape.

Toolsets, not limited to:

• Data Loss Prevention (DLP)
• Email Security
• User and Entity Behavior Analytics (UEBA) / Baseline & Deviation
• Security Information and Event Management (SIEM) platforms
• User Activity Monitoring
• Data Security Posture Management (DSPM)
• Device Control/USB Management
• Generative AI Risk Management platforms
• Data inventory and discovery (Structured/Unstructured)
• Enterprise Browser

#Hybrid

#LI-SG1

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)

Workplace Type:

Our Approach to Office Workplace Type

Certain positions outside our branch network may be eligible for a flexible work arrangement. We’re combining the best of both worlds:  in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.

Huntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.

Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position