Help shape the next generation of ecommerce for the next generation of consumer.
Senior Data Protection Engineer
Our mission requires that users have deep trust in the company where they store their personal information. We are looking for a Senior Data Protection Engineer to join us on this mission. You will report directly to the Senior Director of Data Protection.
The candidate will demonstrate drive, intelligence, maturity, and energy, and will be a proven change leader. They will be responsible for leading tactical and strategic initiatives and coordinate projects within Security, Engineering, IT, Product, Legal, Compliance, and other teams throughout the company. The ideal candidate will be a thought leader throughout the design, development, integration, testing, and implementation of appropriate security & data protection controls during the lifecycle. Candidates must have proven experience leading teams in a matrix environment.
The candidate will possess a high degree of business acumen and must have a “real world” perspective in order to effectively interact with the technical leaders across the company. Because you will identify and mitigate risks, you will have experience with Cloud Security, Enterprise Security, Security Engineering, and Data Protection in large server environments. You will have a strong presence, drive a sense of urgency, can effectively dive into the technical details, and advise cross functional teams. You will be passionate about the people and the business. You will review and assess technology, processes, and controls; utilizing industry best practices and applicable regulatory, standards and benchmarking frameworks to ensure effective security coverage.
Role and Responsibilities:
- Drives data protection efforts across the company to address regulatory and security reqs.
- Is a proven innovator and creative problem-solver. Navigates ambiguity and exercises a moderate degree of autonomy in decision making.
- Defines, delivers, and supports strategic plans for implementing information security.
- Understands, evaluates, and responds to data protection incidents and events.
- Implements strategies, policies, and procedures by evaluating trends, identifying problems, and anticipating requirements.
- Stays abreast of emerging data privacy regulations and conducts research on emerging products, services, protocols, and standards in support of security improvement.
- Monitors risk and tracks exceptions to policies, standards, and procedures to ensure effective security governance and operational efficiencies.
- Provides timely reporting & analytics of product and engineering design and how it relates to security & data protection postures & the threat landscape.
- Facilitates the development and implementation of appropriate security configurations, policies, processes, and procedures.
- Identifies risk of impeded work and provides proposed solutions to the management.
- Ensures the following services meet regulatory security requirements and standards: mgmt, data protection impact assessment, and data loss prevention
- Strong understanding of information security operations and the relationship between threats, vulnerabilities, and risk management.
- Develops and maintains a global information security incident response plan that will identify, contain and resolve information security incidents; and meet compliance requirements.
- Excellent verbal, written and interpersonal communications skills, including the ability to communicate risk-related concepts to both technical and non-technical audiences.
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters.
- Ability to establish and maintain a high level of trust and confidence in the group's knowledge of, and concerns for, business, legal and regulatory requirements.
- Proven experience leading global teams, projects and implementations.
- Knowledge of operating in a complex, global environment.
- Ability to coach, motivate and develop careers of others within a global team.
- Certifications: PMP, CISSP, CISM, ITIL, TOGAF, SANS/GSEC, CIPP, CRISC, CPA/CA, CFE
- Bachelor’s degree in an engineering or similar discipline, or equivalent work experience.
- Minimum of 10-12 years of experience in Information Security and/or Data Protection space spanning Pseudo anonymization, de-identification, PII retention & destruction, PII minimization & reduction, records management, data classification, data discovery (semi/structured/physical), data mapping, privacy due diligence, access and entitlement.
- Experience developing, implementing or creating information security systems with a strong understanding of information security regulatory requirements and compliance issues such as GDPR, PCI, SOX, CCPA, and NIST CSF.
- Strong understanding of VPN, anti-virus software, intrusion detection, firewalls, and content filtering, endpoint security solutions to include file integrity monitoring and data loss prevention, AWS security tools: SecurityHub, GuardDuty, CloudTrail, CloudWatch, and Crowdstrike, Lacework, DataDog, Cortex, Snyk.
- Technical understanding of how threats like Spam, Phishing, Bots, DDoS Attacks, Brute Force Attacks, SQL Injections, XSS, Trojan Horses are executed and how to protect our resources.
- Experience to design approaches to continuously monitor organization's networks and systems for security breaches or intrusions.
- Experience in designing best practices for protecting critical customer data.
Our global platform offers unprecedented access to current culture while our data-driven, bid-ask model provides buyers with the real-time visibility to know they’re getting a fair price. And, unlike other ecommerce sites, StockX hand-checks every purchase (20,000+ daily trades) at one of our regional authentication centers.
StockX’s special formula has rocketed the company to a multibillion dollar valuation, with 10M+ lifetime trades on the platform—more than half of those coming in the last year. And we’re just getting started.