Data Security Lead

About the position Here at Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for more than 60 years and now is the best time in our history to join us. We are opening more locations every year and we are always looking for qualified individuals to join us in our growth. We are a company that promotes from within, both in our retail and corporate operations. Under minimal supervision, the Senior Data Security Engineer is responsible for protecting the organization's sensitive data across all platforms, ensuring compliance with regulatory requirements, and mitigating data security risks. Leads the design, implementation, and management of data protection program and strategy, including data classification, encryption, data loss prevention (DLP), and secure data governance. Collaborates with cross-functional teams, including IT, compliance, and risk management, to establish a data security framework that aligns with business objectives and industry best practices. Responsibilities • Help establish and own Discount Tire Data Security Program. • Develop and lead the organization's data security strategy to ensure protection of sensitive, regulated, and proprietary data. • Implement data classification, data governance, and lifecycle management policies. • Ensure alignment with NIST CSF 2.0 and CIS TOP18 cybersecurity frameworks and data privacy regulations (CCPA and PCI DSS). • Plan and develop security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. • Lead the deployment and management of Data Security tools (MS Purview, Cyera Omni DLP and Cyera DSPM), encryption, and tokenization solutions. • Monitor for data exfiltration, leakage, or unauthorized access across on-premises and cloud environments. • Partner with cloud security and infrastructure teams to ensure secure storage, transfer, and access to data. • Serve as the subject matter expert for data protection in support of internal and external audits. • Collaborate with compliance teams to maintain adherence to regulatory requirements and industry certifications. • Maintain records of data security incidents and oversee the investigation and remediation process. • Provide technical guidance and mentorship to cybersecurity analysts and engineers focusing on data security. • Partner with business units (Information Lifecycle Management - ILM) to integrate data security controls into projects and initiatives. • Conduct data security training and awareness sessions to reduce the risk of human error. • Performs other related responsibilities and special projects as assigned, which may include cross-functional initiatives, process improvements, or temporary assignments to support organizational goals and evolving business needs. • Architects, designs, implements, maintains and operates information system security controls and countermeasures. • Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance. • Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance. • Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends. • Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement. • Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets. • Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments. • Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems. • Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs. • Coaches and mentors' level, I and II. • Other duties as assigned Requirements • This position requires a minimum of 5 years' experience in information security with a focus on data security or data protection. • Proven experience with DSPM and DLP, encryption technologies, data governance, and cloud security solutions. • Excellent communication and collaboration skills with the ability to influence technical and non-technical stakeholders. • Demonstrated ability to operate independently in a greenfield or rapidly maturing environment. • Proficiency with Microsoft Purview, Cyera DSPM and Cyera Omni DLP (or similar). • Experience with cloud data security controls in AWS and Azure environments. • Strong understanding of data privacy regulations and compliance frameworks. • Strategic thinking with a risk-based approach to data protection. • Strong problem-solving and incident response capabilities. • Effective communication and ability to influence stakeholders at all levels. • Detail-oriented with excellent organizational skills. • This position requires a minimum of 5 years progressively responsible information technology experience. • Minimum of 5 years hands-on experience with security tools including, but not limited to, reverse proxies, intrusion prevention, malware detection, and vulnerability management. Corporate retail experience is preferred. • Proven expertise with any combination of the following: secure coding, threat modeling, identity management and authentication, cryptography, penetration testing, authentication and security protocols, system administration and network security is necessary. • An understanding of Web services and experience with multiple programming languages (such as, JSON, Java, C++, Ruby, Python, Perl, etc.) is preferred. Expert knowledge of TCP/IP, common protocols and standards is necessary. • Demonstrated experience analyzing large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity, as well as demonstrated capability to learn and develop new techniques is crucial. • Proven ability to manage productive relationships with vendors and internal stakeholders. Ability to proactively educate stakeholders on security best practices. Expert ability to communicate across all levels of IT, present complex ideas concisely and clearly articulate technical ideas both verbally and in writing is necessary. • Intermediate skills with Microsoft office, including skills with Word, Excel, PowerPoint and Visio is necessary. • Ability to identify complex problems, review information to develop and evaluate options then recommend solutions is essential. • Expert collaboration, influencing and negotiation skills are required. • Able to work efficiently and accurately under pressure, meet deadlines, present a professional demeanor and work well independently is essential. • In addition, troubleshooting and organizational skills with a can-do attitude and the ability to adjust to changing requirements are essential • Superior customer service skills are essential including the ability to manage and respond to different customer situations while maintaining a positive and friendly attitude. • Maintaining confidentiality, treating others with respect and upholding Company values are key attributes. Nice-to-haves • Master's degree or MBA preferred. • Professional certifications are a plus. Preferred Certifications: CISSP, CISM, CCSP, or CDPSE (ISACA Data Privacy Solutions Engineer) • Corporate retail experience is preferred. Apply tot his job