Data Protection Engineer

POSITION SUMMARY:The Data Protection Engineer is responsible for designing, implementing, and operating technical controls that safeguard sensitive data across the enterprise. The incumbent focuses on data discovery, classification, and governance, ensuring that sensitive information is accurately identified, labeled, protected, and handled in accordance with regulatory, legal, and business requirements.The Data Protection Engineer partners closely with Information Technology, Security Operations, Privacy, Compliance, and data owners to enforce risk based controls, reduce data exposure, and enable secure use of data across on premises, cloud, and SaaS environments. Through automation, policy tuning, and continuous monitoring, the incumbent helps maintain visibility into data flows, prevents data loss, sensitive data overexposures, and supports a scalable, auditable data governance program. PRINCIPAL RESPONSIBILITIES: • Lead the execution of enterprise wide data discovery & classification for both unstructured data (files, email, collaboration platforms, endpoints, SaaS) and structured data (databases, data warehouses, analytics and AI platforms). • Lead data protection controls for Generative AI platforms (e.g., Microsoft Copilot, enterprise chat, custom LLM solutions) to prevent unintended data disclosure and misuse. • Implement safeguards to ensure only appropriately classified and authorized data is available for AI prompts, responses, training, or retrieval augmented generation (RAG). • Identify and mitigate data overexposure risks, including: excessive permissions and oversharing in collaboration platforms, public or broadly accessible cloud storage, file servers and databases, sensitive data leakage through prompts or outputs, autonomous or agentic workflows acting beyond approved scope, and shadow AI and unsanctioned model usage • Support data lifecycle governance, including retention, archival, legal hold, and secure disposal for both human and AI accessible data. • Drafts configuration manuals, operating procedures, reports, and system hardening guidelines. • Provides guidance in the application and reporting of data protection technology performance metrics. • Establish and maintain continuous data mapping and inventory to understand where sensitive data resides, how it is accessed, and how it flows across systems and integrations. • Partner with cross-functional teams-including IT, Compliance, HR, and Legal-to ensure adherence to data protection standards. • Performs other job-related duties as assigned or apparent. QUALIFICATIONS: • Experience designing and operating enterprise data discovery & classification programs across both unstructured data (files, email, collaboration platforms, endpoints) and structured data (databases, data warehouses, analytics platforms). • Practical experience identifying and remediating data overexposure, such as: excessive permissions and oversharing in collaboration platforms, public or broadly accessible cloud storage and databases, and stale, orphaned, or business unused sensitive data • Hands on expertise with data classification and labeling technologies, including rule based, pattern based, and machine learning-driven classification for sensitive data types. • Awareness of AI related risks (e.g., data leakage in prompts, model training exposure, shadow AI usage) and the ability to help enforce safeguards and acceptable use standards. • Familiarity with Data Security Posture Management (DSPM) or data access governance tools (e.g., Varonis, BigID, OneTrust, Microsoft Purview, Symmetry, Wiz, Lacework, or similar). • Experience reducing data risk through policy automation, bulk remediation workflows, and continuous monitoring. • Knowledge of data lifecycle management, including retention, archival, legal hold, and secure disposal practices. • Relevant certifications such as CISSP, CISM, GSEC, Security+ or equivalent are highly desirable. • Exposure to privacy engineering concepts, including data minimization, purpose limitation, and least privilege access. • Strong understanding of industry frameworks such as CIS and NIST. • Excellent written and verbal communication skills. MINIMUM REQUIREMENTS: • 5+ years of experience in Information Security, Data Protection or Security Engineering roles. • Prior experience implementing or operating technology within at least three of the following: Data Access Governance, Data Classification, Data Discovery, Data Encryption, Data Loss Prevention. Rewarding Compensation and Benefits Eligible employees can elect to participate in: • Comprehensive medical benefits coverage, dental plans and vision coverage. • Health care and dependent care spending accounts. • Short- and long-term disability. • Life insurance and accidental death & dismemberment insurance. • Employee and Family Assistance Program (EAP). • Employee discount programs. • Retirement plan with a generous company match. • Employee Stock...