The Role

This is a hands-on security position working within the Information Security group and with the internal IT department at large. This position’s core focus is to ensure consistent, measurable end-to-end delivery of security services. The successful candidate will work to develop and deploy capabilities, ensuring enterprise systems and data are protected with the security controls and tools required to meet policy and compliance requirements.  

We are looking for candidates who have a passion for cybersecurity, threat detection, risk mitigation and response. This role is responsible for designing, implementing and managing Data Protection and Data Security solutions in support of the CAA data protection program. Primary focus is on safeguarding stuctured and unstructured data stored across SaaS applications, Cloud storage solutions, and custom developed applications.  

The ideal candidate will bring deep expertise in Microsoft’s data security ecosystem, including Microsoft Purview, Endpoint DLP and adjacent data security solutions.  

Responsibilities 

• Develop a comprehensive plan on the management of structured and unstructured data in an enterprise environment with a focus on business enablement. 

• Partner across technology teams to create practical best practices for implementation of Microsoft Purview solutions including 

• Data Loss Prevention 

• Data Security Posture Management 

• Information Protection 

• Insider Risk Management 

• Data Lifecycle Management 

• Conduct data discovery, classification and risk assessment across managed data repositories – OneDrive, SharePoint, SaaS, and custom developed solutions storing company data. 

• Integrate data protection controls with security and workflow toolsets such as SIEM, EDR, ServiceNow/JIRA. 

• Configure, deploy and manage Endpoint DLP policies to prevent or monitor data exfiltration across company devices or BYOD. 

• Partner with business groups to review workflows, producing output to enhance security processes in support of those workflows. 

• Ensure the security considerations identified are implemented and the solutions are configured securely. 

• Coordinate with IRM leadership to develop and deliver key security metrics to ensure technical security controls are meeting desired objectives; ensuring the measurable effectiveness of CAA’s technical controls. 

Qualifications

• A minimum of 6 years in Information Technology 

• A minimum of 3 years’ experience in data protection, Data Loss Prevention or information security engineering 

• Experience in an enterprise environment with exposure to broader technology and business teams 

• A Bachelor’s or Master’s Degree in a relevant field of work  

• Certifications such as CISSP, CISA/CISM, Microsoft Certified Information Protection Administration preferred, but not required 

• Proven experience with Microsoft data security and data compliance technologies 

• Strong analytical skills in conducting due diligence to identify, assess and prioritize data related risks 

• Familiarity with information security frameworks (NIST, ISO27001), data privacy regulations (GDPR, CCPA), and information security certifications/attestations (SOC, ISO, PCIDSS, FedRAMP) 

• A strong understanding of the fundamental operations of servers, operating systems, cloud applications, and infrastructure 

• Hands-on experience with one or more:  

• DLP (e.g., Microsoft Purview, Crowdstrike)  

• DSPM / SSPM platforms  

• Cloud security (AWS, Azure, GCP)  

• Strong understanding of:  

• Data protection techniques (encryption, tokenization, masking)  

• Identity and access management principles  

• API security and modern application architectures  

• Experience integrating security tooling with SIEM/SOAR platforms  

• Scripting/programming experience (e.g., Python, PowerShell, or similar) 

Location

This role is hybrid, based in our Nashville office.

Compensation

The annual base salary for this position is in the range of $121,000 - $135,000 in Nashville. This position is also eligible for benefits and a discretionary bonus. Ultimately, the salary may vary based upon, but not limited to, relevant experience, time in the role, business sector, and geographic location, among other criteria. Please talk with a CAA Recruiter to learn more.