DLP analyst

DLP Analyst - Data Protection and Application Security

Experience: 5+ Years
Location: Qatar
Duration: 1 Yr Contract

Job Overview: The Data Protection and Application Security Analyst will be vital in safeguarding the company's data and applications, both at endpoints and within cloud environments. The role ensures security and privacy compliance of data across various platforms and applications, including SaaS-based solutions. This includes engaging in security assurance activities throughout the application development lifecycle or deployment, embedding best practices for both security and data privacy. This role requires staying updated with data privacy trends and legislation, ensuring our systems and policies meet the highest data protection standards.

Key Roles & Responsibilities

1. Data Protection and Privacy:
   1. Data Sensitivity Management: Spearhead initiatives for identifying & classifying data, and applying appropriate controls based on data sensitivity.
   2. Data Loss Prevention: Implement and manage technologies like Proofpoint, devising strategies to safeguard against breaches.
   3. Insider Threat Mitigation: Actively manage internal threats to detect and reduce organizational risks.
   4. Policy Implementation and Enforcement: Entrusted with implementing and upholding robust data security policies and standards throughout the company.
   5. Utilize Advanced Technical Measures: Implement a range of technical controls including encryption and masking, to safeguard sensitive data, ensuring robust protection against unauthorized access and data breaches.
2. Incident Response:
   1. Incident Management: Lead incident response planning and execution, ensuring effective handling of data breaches.
   2. Cross-Functional Collaboration: Work with various teams to mitigate the impact of security incidents.
3. Data Privacy and Compliance:
   1. Comprehensive Privacy Assessments: Lead Privacy Impact Assessments to ensure compliance with data protection laws, analyzing how personal information is managed and mitigating potential risks.
   2. Policy Implementation and Vigilance: Enforce and regularly update data privacy policies across the organization, aligning with evolving legal standards and organizational needs.
   3. Monitoring and Training: Implement continuous monitoring and auditing processes to assess privacy controls, coupled with employee training programs to foster a culture of data privacy awareness.
   4. Cross-Functional Collaboration: Collaborate with various departments and engage with regulatory bodies to stay abreast of new regulations and integrate industry best practices into the organization's privacy program.
4. Application Security:
   1. Secure Development Advocacy: Lead the adoption of secure coding practices to prevent application-level threats, integrating security from the outset of the software development lifecycle.
   2. Vulnerability Oversight: Conduct targeted testing and code reviews to uncover and fix vulnerabilities efficiently, using both automated tools and manual inspections.
   3. Security Throughout SDLC: Embed security measures at every SDLC stage, ensuring security is a core component of software development and deployment.
   4. Assured Secure Rollouts: Ensure robust security processes for new software rollouts and updates.
5. Cloud and SaaS Security Management:
   1. Cloud Security: Develop and implement security measures for safeguarding data across all cloud environments, including IaaS, PaaS, and SaaS models.
   2. SaaS Security Oversight: Ensure that all SaaS applications comply with established security policies, and work closely with vendors to maintain high security standards.
   3. Security and Risk Management: Conduct regular reviews and risk assessments for cloud and SaaS environments, adapting to emerging threats and technological changes to continuously protect organizational data.
6. Assignments:
   1. Strategic Cybersecurity Projects: Engage in key projects, leveraging expertise to enhance the company's cybersecurity.
   2. Special Assignments: Undertake unique tasks to continually advance the cybersecurity strategy and roadmap.

Communication

1. Internal Communication:
   1. Senior Cybersecurity Manager
   2. IT Department
   3. Business stakeholders

   Purpose:

   1. To investigate and handle data breach and related cyber incidents.
   2. To ensure the effective implementation of cybersecurity strategies and policies.
   3. To deliver data protection and data privacy program and associated activities.
   4. To manage and coordinate application-related security engagements.
2. External Communication:
   1. Vendors and Security Solution Providers
   2. National Cyber Security Agency
   3. Regulatory Bodies

   Purpose:

   1. Keep abreast of new security technologies and practices through engagement with external experts.
   2. Stay aligned with cybersecurity laws and regulations, liaising with relevant agencies and bodies.

Minimum Qualification/Experience/Skills

1. Education & Professional Qualification:
   1. Minimum Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Computer Engineering, or related field.
   2. Professional certifications in data protection and application security (e.g., CISSP, CISM) are preferred.
2. Professional Experience: At least 5 years of experience in a cybersecurity role with a focus on data protection and application security.
3. Geographic Experience: Experience in the Middle East is preferred.
4. Computer Skills: Proficient in using cybersecurity and analytic tools, MS Office suite, and other relevant software.
5. Language Skills: Fluent in English (must have), Arabic (good to have).
6. Market/Industry/Functional Knowledge: Solid understanding of the cybersecurity landscape, particularly in data protection and application security. Knowledge of the offshore industry and related cybersecurity challenges is an asset.
7. Skills: Application security, SaaS security, security assurance, cloud security, data protection, policy implementation, privacy compliance, insider threat mitigation, incident management, privacy assessments, data sensitivity management, data loss prevention, cybersecurity.

#J-18808-Ljbffr

---