POSITION DESCRIPTION
The IT Security Specialist (Data Security and Governance) is responsible for safeguarding the bank's critical information assets. This role focuses on the end-to-end lifecycle of data protection, from coordinating on defining classification standards to managing the technical implementation of Data Loss Prevention (DLP) across the enterprise. The Specialist ensures that sensitive data—including PII, intellectual property, and financial records—is handled in accordance with privacy regulations and internal IT security policy.
DUTY & RESPONSIBILITY
- Implements data security controls, a risk assessment framework, and a program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with bank business objectives.
- Design, implement, and manage Data Loss Prevention (DLP) policies and tools.
- Monitor and analyze DLP alerts; investigate and respond to potential data leakage or misuse incidents.
- Drive data classification and labeling initiatives across the organization.
- Collaborate with business units to identify, catalog, and classify personally identifiable information (PII), financial data, and other sensitive records.
- Ensure protection of data across endpoint, email, cloud, and network environments.
- Manage the lifecycle of DLP and privacy policies, ensuring alignment with evolving business requirements and regulatory needs.
- Support compliance with data privacy regulations and internal data handling standards.
- Assist legal, compliance, and privacy teams with audits, investigations, and regulatory reporting.
- Conduct and document risk assessments for data protection tools and vendor solutions.
- Perform forensics on recurring data leak patterns to identify systemic gaps in business processes or user behavior.
- Participate in or lead data protection awareness and training sessions for employees.
- Analyze and recommend improvements to policies, technical controls, and workflows.
- Assist in monitoring and analyzing security-related systems/solutions (MDM and GRC).
- Support integration of DLP tools with CASB, SIEM, or endpoint platforms for holistic data protection coverage.
- Handle others' tasks assigned by Head of Department.
QUALIFICATION
- Master's or Bachelor's degree in cybersecurity, IT, computer science, or other related fields.
- Minimum 3 years' experience covering the IT security, data governance, or cybersecurity domain and minimum 1 year of hands-on experience with DLP solution administration.
- Outstanding leadership and organizational and time management skills.
- Basic understanding of security principles and best practices.
- Strong understanding of data encryption standards, masking, and hashing techniques.
- Knowledge of global data privacy laws such as GDPR, CCPA, or HIPAA.
- Good communication and interpersonal skills.
- Ability to work both independently and collaboratively in a team environment.
- Basic analytical and problem-solving skills.
- Familiarity with industry standards and frameworks such as PCI-DSS, ISO 27001, NIST, or COBIT.
- Willing to learn, fast learner, flexible, self-motivated, and "can do" attitude.
- Relevant certifications such as CCNP, CC, SSCP, CCSP, or equivalent are a plus.
