Early Warning Services

Principal of Access and Data Security SME

Early Warning Services$154K — $193K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 15+ years IT experience with 8+ years in Information Security
  • Expertise in data security including encryption, tokenization, and DLP
  • Deep understanding of IAM and PAM programs
  • Experience in regulated environments, preferably financial services
  • Ability to relate technical findings to business risks and regulatory requirements
  • Strong understanding of cloud, on-prem, and hybrid data architectures

Responsibilities

  • Provide independent oversight of data protection practices
  • Define data security policies and standards
  • Challenge effectiveness of data security controls
  • Assess data access and sharing decisions
  • Deliver risk reports on data exposure and control gaps
  • Oversee IAM and PAM programs
  • Deliver reporting on access risks and excessive privileges

Benefits

  • Competitive healthcare coverage with contributions to HSAs and FSAs
  • 401(k) with a 100% company match on employee contributions up to 6%
  • Flexible Time Off for exempt employees plus generous PTO for non-exempt employees
  • 11 paid company holidays and a paid volunteer day
  • 12 weeks of paid parental leave
  • Comprehensive family planning support through Maven
Full Job Description
Overall Purpose:

The Principal of Access Control & Data Security Oversight is responsible for ensuring the organization's Access Control and Data Security programs are effective, risk-aligned, and defensible-through independent challenge, governance, and validation.

This role provides independent risk-based governance within a Three Lines of Defense (3LOD) model, ensuring access management and data protection practices are effective, measurable, and aligned to risk appetite and regulatory expectations. The position partners closely with engineering, identity, data, and application teams, acting as a credible challenger-not an operator. This role will support the Cybersecurity and Technology Risk Management team within the Second Line of Defense (2LOD) and report directly to the 2LOD VP of Information Security Risk.

Essential Functions:

Data Security
  • Provide independent challenge and oversight of data protection practices across enterprise environments.
  • Define and maintain policies, standards, and controls for data classification, encryption, retention, and handling.
  • Challenge control validation and effectiveness testing of data security controls, including DLP and encryption.
  • Assess and challenge data access, data sharing, and data lifecycle decisions.
  • Deliver risk-based reporting on data exposure, control gaps, and trends.
  • Provide oversight of data security tooling to ensure coverage, configuration, and data integrity.

Access Control
  • Provide independent challenge and oversight of Identity and Access Management (IAM) and Privileged Access Management (PAM) programs.
  • Define and maintain policies, standards, and controls for authentication, authorization, and access governance.
  • Challenge control validation of provisioning, deprovisioning, access reviews, and segregation of duties (SoD).
  • Assess and challenge access decisions, entitlements, and privilege escalation risks.
  • Deliver reporting on access risks, excessive privileges, and control weaknesses.
  • Provide oversight of IAM/PAM tooling to ensure effectiveness and integrity.


Minimum Qualifications:

Data Security
  • Deep expertise in data security domains including encryption, tokenization, masking, and DLP.
  • Experience with data classification frameworks and data lifecycle management.
  • Strong understanding of data architectures across cloud, on-prem, and hybrid environments.
  • Ability to translate data risk into business impact and regulatory implications.

Access Control
  • Deep expertise in IAM, PAM, and access governance models.
  • Experience with identity systems, federation, and modern authentication (e.g., SSO, MFA, Zero Trust).
  • Strong understanding of least privilege, role-based and attribute-based access control models.
  • Ability to assess and communicate access-related risks at scale.

General Qualifications
  • 15+ years of IT experience with 8+ years in Information Security.
  • Experience operating in a Three Lines of Defense model and/or regulated environment (financial services preferred).
  • Ability to translate technical findings into business risk and executive-level insights.
  • Experience in fintech or highly regulated industries.
  • Familiarity with regulatory expectations for data protection and access control.
  • Background in risk management, audit, or control validation.
  • Background and drug screen


The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Physical Requirements

Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.

Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.

The base pay scale for this position in:
Phoenix, AZ/ Chicago, IL / Washington, DC in USD per year is: $154,000 - $193,000.
New York, NY/ San Francisco, CA in USD per year is: $186,000 - $232,000.
Additionally, candidates are eligible for a discretionary incentive plan and benefits.

This pay scale is subject to change and is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any specific candidate, which is always dependent on legitimate factors considered at the time of job offer. Early Warning Services takes into consideration a variety of factors when determining a competitive salary offer, including, but not limited to, the job scope, market rates and geographic location of a position, candidate's education, experience, training, and specialized skills or certification(s) in relation to the job requirements and compared with internal equity (peers). The business actively supports and reviews wage equity to ensure that pay decisions are not based on gender, race, national origin, or any other protected classes.

#Dice

#LI-AV

Some of the Ways We Prioritize Your Health and Happiness

  • Healthcare Coverage - Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
  • 401(k) Retirement Plan - Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
  • Paid Time Off - Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
  • 12 weeks of Paid Parental Leave
  • Maven Family Planning - provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.


And SO much more! We continue to enhance our program, so be sure to check our Benefits page here for the latest. Our team can share more during the interview process!

About Early Warning Services

Early Warning Services is a financial services company that provides fraud prevention and risk management solutions to banks, credit unions, and other financial institutions. The company was founded in 1990 and is headquartered in Scottsdale, Arizona. Early Warning Services offers a variety of products and services, including identity verification, account verification, and payment authentication. The company's solutions are designed to help financial institutions reduce fraud and improve the customer experience.
Learn more about Early Warning Services
Size
1,000 employees
Industry

Similar Jobs

More Jobs at Early Warning Services

More Information Technology Jobs

Find similar Principal of Access and Data Security SME jobs: