Job Description

Title - SENIOR DATA SECURITY ANALYST

Duration - Full Time Permanent Role

Location - New York City, Washington DC, San Francisco, Palo Alto, San Diego, Los Angeles, Boston, MA and Denver, CO

Shift - Hybrid

ABOUT THE ROLE

The Senior Data Security Analyst will lead the ground-up development of a firm-wide data compliance function within the Information Security team. This greenfield role is ideal for someone eager to take ownership of design, implementation, and continuous improvement of controls that protect sensitive information across its lifecycle. The analyst will have the opportunity to shape tooling, process, and policy interfaces in partnership with Legal, Privacy, Compliance, and IT. The analyst will work across business, legal, compliance, and technical teams to ensure sensitive data is adequately classified, accessed, retained, and protected. This individual will serve as the first operational lead for data compliance within Information Security and is expected to work independently to establish foundational processes, tools, and reporting mechanisms. Ensures client service and satisfaction are attained in all areas of position. This position plays a mission-critical role in shaping how Information Security enables trusted, policy-aligned, and auditable data practices across the firm.

Data Compliance Oversight

• Design and implement technical and procedural safeguards for firm-wide data classification, monitoring, and protection.
• Develop and maintain workflows to support data lifecycle policies and retention rules.
• Conduct data protection risk assessments to identify and mitigate risks related to access, sharing, and policy enforcement.
• Maintain operational documentation related to technical controls, exception processes, and compliance monitoring.

Program Implementation and Enablement

• Serve as the operational lead for establishing and running the firm’s first dedicated data compliance capability, including control development, tooling integration, and cross-functional coordination.
• Define control effectiveness criteria, metrics, and benchmarks.
• Partner with IT to evaluate and implement tooling that supports classification, DLP, and data visibility.
• Establish and maintain triage and remediation workflows for data protection incidents or policy violations.

Incident & Risk Support

• Respond to and lead investigations involving potential data handling or protection violations.
• Contribute to root cause analysis and future-proofing of technical controls.
• Maintain logs and documentation to support internal audit or legal inquiries.

Cross-Functional Engagement

• Act as liaison between Information Security and other departments (e.g., Legal, Privacy, Compliance) to ensure cohesive execution of firm data policies.
• Provide technical input and operational support for data-focused initiatives or assessments.

Reporting & Analytics

• Create and maintain dashboards and compliance metrics for reporting to senior leadership and risk committees.
• Document control performance and identified risk decisions for audits, assessments, and external disclosures.

ABOUT YOU

• Bachelor’s degree or higher in Information Security, Computer Science, Engineering, or related field.
• Minimum 5–7 years of experience in information security, privacy operations, or data risk management.
• Demonstrated ability to build or significantly contribute to a data compliance or protection function.
• Familiarity with regulatory and contractual data handling standards (e.g., GDPR, HIPAA, CCPA).
• Hands-on experience with classification frameworks, access controls, and technical enforcement strategies.
• Experience implementing or managing DLP, file monitoring, or data classification tools preferred.
• Experience supporting compliance efforts tied to large-scale regulatory requirements (e.g., NIST 800-53, NIST 800-171, CJIS, HIPAA, or equivalent) preferred.
• CISSP, CISA, CIPP/US, or equivalent certifications.

Teamwork and Applied Skills

• Strong sense of ownership and follow-through with the ability to work independently in a high-responsibility role.
• Proven ability to translate complex regulatory and legal requirements into practical technical controls.
• Excellent organizational and project management skills.
• High client service orientation and ability to balance competing priorities.
• Strong interpersonal and cross-functional communication skills.
• Ability to analyze risk, anticipate compliance gaps, and recommend forward-looking solutions.
• High degree of integrity, discretion, and judgment in handling sensitive information.
• Comfortable navigating ambiguity and building structure in greenfield environments.
• Collaborative team player with the ability to influence without authority.
• Commitment to continuous improvement and scalable program design.

Job Tags

Similar Jobs