Data Protection Manager
Saint Louis, MO, United States
About Us
Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $7.6 billion in revenue for 2024, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for industrial, commercial, institutional, and residential related building projects.
The Role We Want You For
Under the direction of the CISO, the Data Protection Manager will be focused on all aspects of research, planning, design, implementation, governance, analytics, automation, and partner relationship management related to ensuring effective and compliant Protection of Enterprise Data as well as effective regular assessment of justified and appropriate access to Data across the Clayco organization.
The ultimate goal of this position is establishing and maintaining an inventory of Data repositories, discovery and classification of Data stored within inventoried repositories, and insights into provisioned access and access events for all discovered Data to ensure that all activity is scrutinized against appropriate threat models, least-privilege principles, and regulatory and contractual obligations. This includes understanding and documentation of Dataflows to identify potential exposures of Data during processing, especially when Artificial Intelligence (AI) tools are utilized. Oversight, administration, and life-cycle management of the tools delivering these capabilities as well as their ongoing effectiveness assessments and evaluation against alternatives will also be part of the Data Protection Manager role.
This role will contribute to existing and evolving Business Relationship Management and Data Architecture functions to ensure cohesive inventory, management, classification, protection, recoverability, and retention of Enterprise Data to enable its intended value, establish its justification, ensure appropriate access, and assess its relative compliance across the Clayco organization. In collaboration with the Data Analytics & Engineering team, this role will also contribute to the establishment of a formal Master Data Management discipline as well as maintain, periodically review for revision recommendations, and coordinate publishing and communication of Clayco’s Enterprise Data Classification & Protection Policy. As such, this role requires working across multiple work streams and communicating effectively with Senior Technology Leaders and Business Partners who span multiple lines of Business within Clayco.
The Data Protection Manager will also work with Project Management throughout the Project Delivery life-cycle to evaluate designs and configurations of Solutions enabling the discovery, classification, and protection of Data as well as Controls supporting role-based, least-privilege access and compliant storage, handling, and transfer of Clayco Data.
The Specifics of the Role
- Contributes to the ongoing development and maintenance of a Data Classification & Protection Policy, Data Labeling taxonomy and deployment strategy as well as produces Training materials to educate the contributing Data Users on their responsibilities
- Contributes to the development of processes to identify and mitigate privacy and Data exposure Risks associated with artificial intelligence, ensuring compliance with applicable regulations and supporting ethical use of AI in medical devices and cloud-based services.
- Contribute to the design and implementation of Data Loss Prevention (DLP) and Information Protection solutions across the scope of Clayco’s Data landscape
- Configure, tune, and optimize DLP policies and rules across multiple platforms with a bias towards optimizing signal-to-noise ratios and minimizing false positives while partnering with the Security Operations Center (SOC) team to operationalize monitoring, alerting and response actions to DLP events
- Analyzes process and control gaps relative to achieving regulation-driven or business-defined requirements and expectations
- Contributes to the development of road maps for material gap remediation to achieve and sustain Business-defined expectations
- Tracks, Monitors, and Reports on implementation of gap remediation efforts
- Identifies and communicates changes in Business context, Regulatory Climate, and/or Threat Landscape that may indicate a need for change in Business Processes, policies, procedures, internal controls, or training
- Builds and maintains relationships with and collaborates cross-functionally with other Information Technology teams and Business Stakeholders across the Organization as well as strategic 3rd Party Partners
- Contribute to the ongoing Security Awareness Program to ensure all appropriate Employees have the knowledge and tools to comply with Clayco’s Data Privacy and protection standards
- Contributes to major organizational initiatives as necessary to ensure new solutions align with existing policies and compliance requirements
- Provides leadership with comprehensive reports of progress and challenges, as requested
Requirements
- 6-8+ years of experience working in hands-on, functional Information Security roles
- 3-5+ years of experience working in Information Security roles directly involving Data Protection and Privacy Assurance
- Bachelor's degree in Information Security or related field, or equivalent experience
- Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) Certifications [actively certified, or obtained within 6 months of assuming role]
- Strong experience leveraging analysis principles and methodologies to evaluate policies, processes, systems, and Data structures to identify relationships, business risks, compliance with Regulations, Frameworks, & Standards, and any applicable control gaps
- Experience interpreting Data-related Laws and Regulations to identify Privacy, Protection, and Auditability requirements and an understanding of trends to ensure effectiveness and compliance with any relevant Regulations, Frameworks, and Standards such as NIST 800-171, NIST Cybersecurity Framework, CIS Critical Security Controls, HIPAA, PCI DSS, ITAR/EAR, and all applicable U.S. State-level Data Protection & Privacy Regulations (CA, CO, CT, DE, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA, and any additional becoming active)
- Experience in leading Data Governance, Data Protection, or GRC Programs
- Functional knowledge of how to map business processes, map Data components to business processes, map Dataflows to identify exposure, engineer process improvements, design controls to reduce Sensitive Data exposure
- Functional knowledge and experience with utilizing Data Security Posture Management (DSPM) platforms to discover and classify Data, determine provisioned access, detect and alert on suspicious/noncompliant access activity, and execute automated remediation when appropriate
- Functional knowledge and experience with both cloud-based and internally deployed Data Loss Prevention (DLP) and Information Protection solutions to enforce proper handling of classified Data and restrict transfer to only authorized repositories
- Functional knowledge of both Cloud and Client/Server infrastructures and their components related to Data storage, processing, transformation, transfer, exposure, etc. and the applicable controls necessary to ensure proper protection throughout its life-cycle
- Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems
- Proficiency in necessary productivity tools (such as Microsoft Excel and PowerPoint) for analytics and presentations
- Operate with strong integrity with the ability to handle projects of a sensitive and confidential nature
- Strong project management abilities, with a track record of delivering complex Data Protection projects on time and within budget
- Excellent oral and written communication skills including the ability to document functional requirements, test and validation criteria, develop communication plans, report on performance and compliance, and other relevant Operational communications to both technical and non-technical stakeholders
- Ability to respond to Major Incidents 24/7 including holidays and weekends
Some Things You Should Know
- No other builder can offer the collaborative design-build approach that Clayco does.
- We work on creative, complex, award-winning, high-profile jobs.
- The pace is fast!
Why Clayco?
- 2024 Best Places to Work – Crain’s Chicago Business, St. Louis Business Journal, Los Angeles Business Journal, and Phoenix Business Journal.
- 2024 ENR Midwest – Midwest Contractor (#1).
- 2024 ENR Top 100 Design-Build Firms – Design-Build Contractor (Top 5).
- 2024 ENR Top 100 Green Contractors – Green Contractor (Top 5).
Benefits
- Discretionary Annual Bonus: Subject to company and individual performance.
- Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!
Compensation
- The salary range for this position considers a wide range of factors in making compensation decisions including but not limited to: Education, qualifications, skills, training, experience, certifications, internal equity, and location. Compensation decisions are dependent on the facts and circumstances of each case.