Lead Information Security Engineer - DLP

The Lead Information Security Engineer will be the organization’s subject matter expert (SME) for the Data Loss Prevention (DLP) and Insider Risk Management (IRM) programs. This role will be responsible for spearheading the design and implementation of enterprise level DLP and IRM strategies. This individual contributor role will be a member of a global engineering team that collaborates with various organizations and vendors to continually assess and improve the effectiveness of DLP and IRM controls and policies.

Key Responsibilities and Duties

• DLP Program Development: Lead the design and implementation of a cohesive DLP strategy, including data classification, policy creation, standards, and best practices to safeguard sensitive information.

• Data Classification and Labeling: Develop and manage data classification schemes and collaborate with data owners to ensure data is accurately labeled according to sensitivity and regulatory requirements.

• Data Discovery and Inventory Management: Use data discovery tools to locate unstructured data and catalog sensitive data across on-premises and cloud environments.

• Engineering design: architect and implement highly available and resilient solutions.

• Policy and Rule Configuration: Design, implement, and fine-tune DLP policies and detection rules to minimize false positives and optimize incident management.

• User and Entity Behavior Analytics (UEBA): Integrate user and entity behavior analytics with DLP tools to detect abnormal data access or potential insider threats, developing models to monitor deviations in sensitive data handling.

• Cloud and SaaS Data Protection: Develop DLP strategies for cloud services and SaaS applications to extend data visibility and control in cloud environments.

• Automation & Scripting: Leverage scripting languages (e.g., Python, PowerShell) to automate DLP processes, enhance security monitoring, and support the integration of DLP controls within existing systems. Security Controls Optimization: Identify and implement automation opportunities to improve the DLP program’s efficiency in detecting and responding to security incidents.

Educational Requirements

• University (Degree) Preferred

Work Experience

• 5+ Years Required; 7+ Years Preferred

Physical Requirements

• Physical Requirements: Sedentary Work

Career Level
8IC

Required Skills: 

• DLP Expertise: 5+ years’ experience integrating and managing DLP technologies, data classification, exfiltration monitoring, and email/endpoint/web DLP.  (EX: Forcepoint DLP, Microsoft Defender for Cloud Apps, Microsoft Purview, Proofpoint DLP, Symantec DLP, Trellix DLP, Zscaler ZIA DLP & DSPM) 

• Policy Development: Experience in creating and managing data protection policies and governance processes in compliance with regulatory requirements. 

• Scripting Proficiency: 2+ years’ experience in scripting languages (e.g., Python, PowerShell) to support DLP automation. 

Preferred Skills: 

• 7+ years’ experience as a Security or Infrastructure Engineer with 2+ years of demonstrated experience working with DLP technologies 

• Security Architecture: 2+ years’ experience creating and maintaining reference security architectures and frameworks that incorporate DLP and automation. 

• Project Leadership: Experience leading DLP, IRM, or security automation projects from design through deployment. 

• Security Certifications: Recognized certifications (e.g., CISSP, CCSP, CISM, GSEC) focused on data protection, SecurityDevOps, or cloud security. 

• Prompt engineering: Experience crafting instructions (prompts) to elicit the best possible output from generative AI models. 

#LI-158487406_MB1

Related Skills

Accountability, Adaptability, Business Continuity Planning, Cloud Computing Security, Collaboration, Communication, Compliance, Consultative Communication, Cybersecurity, Detail-Oriented, General Risk Management, Network Security, Prioritizes Effectively

Anticipated Posting End Date:

2025-04-25

Base Pay Range: $107,200/yr. - $163,700/yr.

Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location.  In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans). 

_____________________________________________________________________________________________________

Company Overview

Every worker deserves a secure retirement. For more than 100 years, TIAA has delivered it for millions of people. Founded to help educators retire with dignity, today weʼre a market-leading retirement company fueled by world-class asset management. But weʼre not just another legacy financial services firm. Weʼre fighting harder than ever before for our clients and the many Americans who need us.

Benefits and Total Rewards

The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary.

Equal Opportunity

We are an Equal Opportunity Employer. TIAA does not discriminate against any candidate or employee on the basis of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other legally protected status.

Read more about your rights and view government notices here.

Accessibility Support

TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities. 

If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team: 

Phone: (800) 842-2755

Email: accessibility.support@tiaa.org

Privacy Notices

For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here.

For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here.

For Applicants of TIAA Global Capabilities, click here.

For Applicants of Nuveen residing in Europe and APAC, please click here.