Job DescriptionSr. Manager, Data Security Program
Schedule: M-F (onsite 4 days/week)
Location: Atlanta or Birmingham
Position Summary:Southern Company is seeking an experienced cybersecurity leader to own and drive the enterprise Data Security Program across multiple disciplines and functions. This role is responsible for end-to-end leadership, execution, and evolution of data protection capabilities, ensuring sensitive data is identified, classified, governed, monitored, and protected across on-premises, cloud, SaaS, and hybrid environments.
This position directly supports Southern Company's mission to mitigate real and potential cyber risks to its critical electric and gas utility infrastructure, operational technology environments, enterprise IT systems, personnel, customers, and brand. Positioned between executive strategy and technical execution, this role drives large-scale, cross-functional data security initiatives that reduce risk while enabling secure and efficient business operations.
The Senior Manager will lead a multi-discipline team responsible for enterprise-wide data security, including encryption strategy (data at rest and in transit, databases, cloud, and on-prem), Data Loss Prevention (DLP), Data Security Posture Management (DSPM), data discovery and classification, data labeling governance, and data misuse detection and response. A significant component of this role is forward-looking cryptographic strategy, including planning, preparing, and executing the company's transition to post-quantum cryptography (PQC), defining both pre- and post-quantum approaches in partnership with enterprise stakeholders.
This leader owns day-to-day operational accountability for data security tooling and controls, including policy design, deployment, tuning, alert monitoring and response, and lifecycle management (upgrades, patching, and change management). The role also serves as a trusted advisor to business and technology leaders, shaping data protection strategy, enabling secure innovation, and preparing the enterprise for data management and protection in the age of AI, including policy and guardrails for agentic AI interactions with enterprise data.
The ideal candidate brings strong people leadership, deep data security and cryptography expertise, and the ability to influence across a complex enterprise. This role requires a proven track record of building sustainable, multi-discipline security programs and delivering measurable risk reduction in highly regulated, mission-critical environments.
Job Responsibilities:- Provide leadership focused on building, mentoring, and developing a high-performing, multi-discipline data security team spanning governance, engineering, operations, and consulting functions.
- Own and execute the enterprise Data Security Program strategy and roadmap, aligning outcomes with business priorities, regulatory requirements, and evolving technologies.
- Translate strategic objectives into actionable operating models, execution plans, and measurable KPIs across multiple functional domains.
- Lead enterprise efforts to identify, define, and govern sensitive data, including development and adoption of data classification and labeling standards.
- Own data labeling policy and governance, including label taxonomy, usage standards, enforcement expectations, and adoption improvement.
- Oversee deployment and ongoing operations of Data Loss Prevention (DLP) capabilities across email, endpoints, SaaS, cloud services, and data repositories.
- Define and manage DLP policies, detection rules, and enforcement actions (e.g., block, quarantine, encrypt, alert), balancing risk reduction with business usability and driving continuous tuning and improvement.
- Mature the evolution and operational use of Data Security Posture Management (DSPM) to maintain visibility into sensitive data locations, access pathways, and exposure risks.
- Monitor, triage, investigate, and respond to DLP and DSPM alerts and findings in partnership with Security Operations, Incident Response, Insider Threat, Identity, and related teams.
- Drive remediation of data security risks, including over-permissive access, unprotected or misclassified data, and high-risk data movement.
- Define and execute an enterprise encryption strategy for sensitive data at rest and in transit, including databases, storage platforms, and key management alignment.
- Own the enterprise cryptographic transition strategy for post-quantum readiness, including assessment of cryptographic dependencies, prioritization of critical data and systems, phased adoption planning, and execution of pre- and post-quantum approaches.
- Establish policy, governance, and guardrails for protecting enterprise data while enabling AI adoption, including secure patterns for agentic AI access to and interaction with sensitive data.
- Provide operational ownership of data security tooling, including upgrades, tuning, patching, integrations, and change management.
- Establish program metrics, dashboards, and executive reporting to track data security posture, operational performance, cryptographic readiness, and program maturity.
- Serve as a trusted advisor and consultant to business and technology teams on data protection strategy, patterns, and execution.
- Build and maintain strong partnerships with Technology, Legal, Privacy, Compliance, Security Operations, Insider Threat teams, and enterprise governance bodies including Cloud COE, AI COE, and related groups.
- Foster a culture of accountability, collaboration, innovation, and continuous improvement across the data security program.
Requirements and qualifications:Minimum- Proven experience leading enterprise-scale data security programs across multiple disciplines with measurable risk reduction outcomes.
- 8+ years of experience in cybersecurity, with 3+ years in a leadership or program management role.
- Demonstrated experience building or operating data security capabilities including data discovery, classification, labeling, and DLP.
- Strong understanding of data protection across on-prem, cloud, SaaS, and endpoint environments, including data at rest and data in transit.
- Experience defining and executing encryption strategies, including databases and key management.
- Experience leading cross-functional initiatives and influencing without direct authority.
- Strong communication skills with the ability to translate technical risk into business context.
- Experience working in regulated or highly controlled environments.
- Ability to mentor and develop security professionals across multiple functions.
- Must pass NERC CIP & Insider Threat Protection background checks.
Preferred Qualifications- Experience deploying or operating Data Security Posture Management (DSPM) solutions.
- Hands-on experience with data security tools such as DLP, data discovery/classification platforms, CASB, or cloud security tools.
- Familiarity with Zero Trust data security concepts and data-centric risk models.
- Experience integrating data security signals into SIEM/SOAR platforms.
- Experience defining data protection policy and guardrails for AI and agentic AI use cases.
- Exposure to post-quantum cryptography (PQC) readiness, cryptographic agility planning, or long-term encryption strategy.
- Industry certifications such as CISSP, CISM, CCSP, GIAC, or similar.
- Experience supporting or securing critical infrastructure environments.
This position falls under the company's Insider Threat Program and will have access to, and control over sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position
About the TeamSouthern Company Services
