DLP Senior Engineer/Analyst in New York, NY at Vaco

Date Posted: 10/11/2019

Job Snapshot

Job Description



Vaco is a private-equity backed solutions company that provides consulting, managed services, staffing, and placement services globally. Established in 2002 by "Big 4" consulting veterans, Vaco now has over 40 offices and has worked with over 9,000 clients. We have over 6,000 consultants and been named to Inc. magazine's list of fastest-growing private companies for the past 12 years. Vaco offers boutique services with global reach.

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenge organizations encounter improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients including, Strategy & Advisory, Identity & Access Management, Security Operations, Managed Services, Governance, Risk, and Compliance.


The Cyber Security & Technology Risk organization protects the information assets of the company through managing risk, deploying effective security risk framework and ensuring regulatory compliance. This role will sit within the Data Loss Prevention (DLP) Team which is part of the clients Security Operations group and will report to the Director, Data Loss Prevention Leader.

Responsibilities:

  • Implement new security tools and processes to enhance the DLP strategy
  • Execute DLP cloud & mobile initiatives
  • Manage DLP agent deployment, perform DLP entitlement reviews, maintain policies within DLP tools
  • Facilitate the DLP rule lifecycle processes including review and retirement of existing rules
  • Test DLP rules prior to full deployment
  • Liaise with the DLP Council regarding approval of new rules
  • Manage DLP events and elevate anomalous events of concern
  • Ensure DLP documentation is maintained, accurately and regularly reviewed
  • Prepare and maintain DLP metrics & reporting processes for business leadership
  • Assist in the creation of a new Insider Threat Program
  • Provide expertise and recommendation to incident triage process
  • Develop Insider Threat requirements that illustrate issues on computer misuse, various violations of policies, counterintelligence concerns, foreign influence, or other insider threat risks
  • Conduct case support to investigations, administrative or security inquiries, risk assessments, or other adjudicative assessments, to include support for investigations
  • Conduct and triage anomalous events of concern using industry data loss prevention tools to include User and Entity Behaviour Analytics

Qualifications/Requirements

  • BS/BA degree in Computer Science/ Information Technology/ Information Security or related field or significant equivalent work experience
  • Significant experience within either Risk Management or Technology. Ideally with an emphasis on Information Security, business applications, and security best practices.
  • Experience with DLP technologies (Network, Email, Endpoint, etc.) and processes.
  • Strong verbal and written communication and collaboration skills
  • Detail oriented, with proven ability to mobilize and energize cross-functional teams to implement solutions and complete tasks.
  • Demonstrated success participating in complex technology projects with an emphasis on high customer satisfaction
  • Ability to build relationships and influence all levels within an organization
  • Knowledge of general network, platform, enterprise, cloud and security technologies
  • Willingness and ability to travel domestically and internationally up to 15%

Desired Characteristics:

  • Certifications such as Security+, CISSP and\or CISM a plus
  • Experience implementing an Insider Threat Program
  • Experience with Cloud Access Security Broker (CASB) solutions
  • Experience working with data privacy officers, data privacy authorities, works councils, labor unions, etc. with respects to Data Loss Prevention and Data Protection Programs
  • Knowledge in various operating systems and enterprise platforms to include: Windows, Linux/Unix, Mac OS, iOS, Android, Active Directory, .Net framework, Oracle business products, SAP, etc.