Job DescriptionThe Impact you will have in this role:Being a member of IT Cybersecurity & Platform Strategy team, the Data Protection, Director will be a part of a team within Cybersecurity & Resilience to expand the Data Security program capabilities by collaborating with colleagues across the firm (e.g., Privacy, Compliance, Insider Threat, Data Governance and others) to confirm existing controls, ownership, breadth of coverage, and maturity while problem solving for potential gaps. A combination of strong technical skills, problem solving/anticipation skills, and strong people skills is needed to be successful in this role. If you enjoy challenging work, high visibility, and making things better then this is an opportunity to consider.
Your Primary Responsibilities:Data Protection Control Ownership- Design, deployment, and lifecycle management of DTCC's data protection capabilities, including DLP, classification and labeling, CASB, DSPM, AI proxy controls, and related technical solutions
- Own and operate DTCC's data protection control framework across: Email and collaboration platforms, Endpoint and web egress, Cloud and SaaS services, AI and emerging data channels
- Ensure consistent enforcement of classification, DLP, and encryption intent across all control points.
- Work with Data Protection operations and content engineering to support tuning, and automation to ensure consistent protection across email, endpoints, collaboration tools, web, cloud, SaaS, and data platforms.
- Ensure control design aligns with DTCC's data-centric, context-driven security principles and minimizes unnecessary business friction.
Platform Leadership - Provide executive-level technical leadership and direction for Data Protection solutions including (not limited to) Purview, Zscaler, Symantec and other DLP tools.
Classification, DLP & Encryption Strategy- Drive DTCC's enterprise classification and labeling strategy, including: Taxonomy governance, SIT / classifier standards, Label inheritance and lifecycle
- Lead the transition from pattern-only DLP to context- and label-driven enforcement
- Ensure data protection controls meet regulatory, audit, and risk management expectations for client, regulated, and confidential data.
- Maintain clear, auditable evidence of control effectiveness through metrics, reporting, and documentation.
- Support internal audits, regulatory reviews, and management reporting related to data protection risk and control posture.
Advisory & Secure-by-Design Enablement- Provide technical data protection advisory to technology and business teams for new initiatives, system changes, cloud migrations, AI use cases, and third-party engagements.
- Ensure appropriate controls (e.g., encryption, masking, tokenization, access restrictions) are embedded before go-live.
- Serve as a trusted advisor who enables the business to use data confidently and securely.
Qualifications:- Minimum of 10 years of related experience
- Bachelor's degree preferred and/or equivalent experience
Talents Needed for Success:- Experience owning enterprise-scale data protection capabilities.
- Proven success leading multi-platform DLP, classification, and encryption programs.
- Demonstrated ability to translate regulatory and policy requirements into precise, enforceable technical controls.
- Experience accountable for outcomes, not just strategy or advisory input.
- Experience operating in highly regulated environments (financial services strongly preferred).
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
