Sr Staff, InfoSec Engineer - Data Security

About the Role

In this role, you will design, develop, and implement comprehensive data security solutions to protect Gap Inc’s data and information assets. You will draw upon your experience and expertise in security architecture, systems design, infrastructure, access management and cyber defense to ensure robust data protection across all platforms.

What You'll Do

What you’ll do:

• Design, develop, and implement data security solutions.
• Lead Data Security program initiatives, working with stakeholders across information security, engineering, data science, infrastructure and other teams.
• Work collaboratively with Internal security, Product Security and SOC teams on solutioning data security controls and processes.
• Demonstrate proficient knowledge of standard security practices, concepts, and relevant technologies.
• Manage technical requirements analysis and draft technical design specifications based on interpretation of functional requirements gathered through working with business and project teams.
• Ensure governance and compliance with legal and regulatory requirements while maintaining company Information Security policies, standards, and industry best practices.
• Drive automation of data security processes, as applicable.
• Develop and maintain data security architecture frameworks and standards.
• Conduct risk assessments, vulnerability analyses and threat modeling exercises to identify and mitigate security risks.
• Mentor junior Security Engineers towards achieving command of the skills necessary to perform all work-related tasks.
• Monitor and respond to security incidents and breaches, providing expert analysis and recommendations.
• Stay up to date with the latest security technologies, threats, and trends.
• Leverage Microsoft Purview to manage and monitor data security, ensuring protection across clouds, apps, and devices.
• Utilize current Data Security Posture Management (DSPM) solutions to enhance data security posture management.
• Foster strong relationships with peers in internal organizations (engineering, product, privacy, legal) as well as external partners and vendors.
• Work productively with tech teams and engineering leaders, effectively communicating security issues and ensuring they are resolved.
• Operate effectively in an agile, dynamic, fast-paced environment.

Who you are:

• Demonstrate knowledge of standard data security practices, concepts, and technologies relevant to the role.
• Demonstrate proficiency in specific security technologies, applications, standards, and methodologies.
• Experience in code reviews, configuration management screens/scripts, and deployment tools, to an extent that allows the candidate to understand tool/platform configurations.
• Ability to assess relatively complex situations and analyze data to make judgments and recommend solutions.
• Deep knowledge of data security and governance aspects around AI/ML training
• Strong knowledge of data encryption, tokenization, and other data protection technologies.
• Strong understanding of privacy and legal requirements surrounding data handling and exposure.
• Experience with security frameworks such as NIST, ISO 27001, and GDPR.
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.

Who You Are

• Advanced degree in a related field (CS/Engineering/InfoSec/Data Science) or equivalent combination of education and experience.
• Relevant certifications such as CISSP, CISM, or CISA.
• Experience in an AI-first hybrid multi-cloud environment.