DATA PROTECTION PROCESS STRATEGIST

SHRSS seeks a Data Protection and Security Process Strategist to drive the integration of data protection, privacy, and organizational resilience into the company’s operations and culture. The Data Protection & Security Strategist is responsible for designing, operationalizing, and optimizing  enterprise-wide data protection and cybersecurity processes that ensure compliance with regulatory, privacy, and security frameworks.

This role bridges strategic governance and hands-on process execution – driving alignment across data classification, privacy, risk, and security domains to protect the organization's information assets throughout the lifecycle. This individual will work at the intersection of information security, privacy governance, and process design, ensuring that enterprise data is managed, protected, and recoverable in accordance with organizational frameworks and global standards.

The ideal candidate is a process-minded strategist with deep experience in process engineering, data security, and resilience program development. The individual will operationalize privacy and data protection frameworks through scalable processes, effective controls, and continuous improvement initiatives.

Strategic Data Protection & Privacy Integration

• Align organizational practices with enterprise data protection frameworks, standards, and global regulatory requirements.
• Translate privacy and data protection policies into repeatable, measurable operational processes that reduce risk and support business objectives.
• Develop and optimize data handling workflows, ensuring compliance with corporate policies and enabling responsible innovation.
• Support data classification projects, lifecycle management, and retention initiatives by applying structured process methodologies (e.g., Lean, Six Sigma, BPM).
• Lead the design and documentation of end-to-end Data Protection & Security processes

Data Security & Posture Management

• Design and mature strategies for Data Loss Prevention (DLP), Data Security Posture Management (DSPM), and insider risk management across cloud and on-prem environments.
• Collaborate with security engineering and IT to strengthen data visibility, encryption, and access governance through process-driven improvement.
• Translate security and privacy requirements into operational control designs with defined inputs, outputs, and monitoring metrics.
• Conduct assessments to continuously improve the organization’s data protection posture, integrating automation and process optimization where feasible.

Organizational Resilience, Business Continuity & Disaster Recovery

• Develop and maintain enterprise frameworks that promote organizational resilience, ensuring continuity of critical operations during disruption.
• Collaborate with technology and operations teams to design, test, and improve Business Continuity (BC) and Disaster Recovery (DR) strategies.
• Facilitate exercises, scenario testing, and post-incident reviews to validate readiness and continuously enhance response capabilities.
• Integrate resilience and recovery processes into data protection and information governance programs.

Governance, Risk, and Compliance

• Develop and maintain policies, standards, and procedures supporting privacy, data protection, and resilience objectives.
• Support Data Protection Impact Assessments (DPIAs), Privacy Impact Assessments (PIAs), and continuity risk reviews.
• Align organizational controls with frameworks such as ISO 27001, ISO 22301, NIST CSF, and ISO 27701, ensuring continuous compliance and audit readiness.
• Serve as a key liaison between the Global Data Protection Office, IT, and business functions to drive unified data governance.

Design and Operational Integration

• Champion privacy-by-design, security-by-design, and resilience-by-design through structured process engineering and control design.
• Support process mapping, gap analysis, and redesign workshops to ensure consistent execution of data protection and continuity practices.
• Create and maintain operational playbooks, process documentation, and training materials to strengthen execution maturity across teams.
• Partner with business and technology stakeholders to embed control checkpoints and quality measures into existing workflows.

Required:

• Bachelor’s degree in Information Security, Process Engineering, Risk Management, or a related field (Master’s preferred).
• 5+ years of experience in data protection, information security, or business continuity, with demonstrated process ownership.
• Strong background in process engineering (Lean, Six Sigma, or equivalent), with experience mapping, optimizing, and automating business and security workflows.
• Proven experience implementing DLP, DSPM, or data governance solutions in large or complex environments.
• Knowledge of Business Continuity and Disaster Recovery frameworks (ISO 22301, NIST SP 800-34).
• Ability to collaborate with global privacy, legal, and compliance teams to operationalize frameworks and ensure alignment.
• Demonstrated success in developing and maintaining enterprise policies, standards, and technical-to-operational control structures.
• Ability to effectively operate both independently and as part of a team.
• Good written and verbal communication skills.

Preferred:

• Certifications such as CISSP, CBCP, Lean Six Sigma Black Belt, or ISO 22301 Lead Implementer.
• Familiarity with cloud resilience and security architectures (Azure, AWS, GCP).
• Experience leading process optimization or continuous improvement initiatives in regulated environments.
• Gaming experience is preferable but not mandatory.

Personal Attributes

• Analytical and process-driven thinker with a system-oriented mindset.
• Skilled collaborator who thrives in cross-functional, matrixed environments.
• Strong communicator capable of translating complex requirements into actionable designs.
• Passionate about building a culture of trust, accountability, and operational excellence.
• Acts proactively by taking initiatives to improve processes, anticipate potential roadblocks, and implement preventative measures to ensure timelines are met.
• Demonstrates a high degree of ownership over tasks and outcomes.