Sr Cybersecurity Engineer (DLP)

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Skills and Competencies

* Minimum 3 years of experience in IT industry, preferably in a financial services or consulting organization.
* Experience with enterprise security software including data security, information security, digital rights management (DRM), encryption, key management, access control, cloud security and PKI technologies.
* Operational expertise in deploying data protection technologies.
* Experience with scripting using RESTful API, PowerShell and Python, VBA, RegEx and other rule build tools.
* Understanding of enterprise services such as firewalls, IDS/IPS, networks and endpoint security.
* Experience with Data Loss Prevention technologies like Symantec DLP, Microsoft O365 DLP, Cloud Access Security Brokers (CASB), etc.
* Experience with User Behavior Analytics tools.
* Experience working with response teams for security/DLP investigations.
* Knowledge of evolving DLP landscape and vision for future developments.
* Knowledge of regulatory standards (SOX, PCI, and state and federal privacy laws) and best practice standards (ISO, NIST and SANS) governing Information Security.
* Knowledge of and experience with current and emerging data loss prevention tools and methodologies.
* Ability to work in a high performing, motivated team and adapt to changing priorities.
* Process-driven approach to managing security controls and customer touchpoints.
* Attention to detail with effective analytical and problem-solving aptitude.
* Strong written and oral communication, and presentation skills.
* Relevant certifications such as CISSP, CISM, are a plus but not required.

Education
Bachelor’s degree and 4+ years of related experience. Four additional years of relevant work experience may substitute for a degree.

Responsibilities
The candidate will have a strong background in Data Loss Prevention (DLP), DLP risks, DLP technical controls, DLP technologies, security best practices standards (ISO, NIST), and audit and regulatory frameworks.

The candidate will execute the DLP program, implementing, monitoring, and providing analytics for a Cloud Access Security Broker and integrating the CASB solution with existing or new DLP capabilities

* Support DLP Programme in designing, implementing and maintaining data security solutions and mitigating potential threats of data compromise.
* Review and analyze complex data and information to provide insights, conclusions, and actionable recommendations.
* Provides direction and guidance on reports and analyses and ensures recommendations are aligned with business needs and capabilities.
* Develop and support data classification policies and strategies for addressing data encryption requirements, including DRM and advanced data protection techniques, such as data masking, tokenization, P2P encryption, etc.
* Evaluate existing technologies with the wider Moody’s InfoRisk Department, including developing technical requirements, evaluating solutions and developing architecture and design documents for data protection and data security solutions.
* Act as a primary point of contact for vendor support, managing escalated issues and ensuring timely resolution.
* Analyze cloud user traffic, identify anomalous activity and specify areas to strengthen protection of cloud data and applications.
* Partner with InfoRisk and other infrastructure technology teams to establish and define CASB-related parameters to be configured across the enterprise
* Document, maintain and manage DLP (Host, Network and Cloud) existing capability, software, and tools.
* Collaborate with internal infrastructure teams to resolve escalated support issues
* Collaborate with key stakeholders, including IT compliance and business units, to understand their needs and ensure that DLP and CASB solutions align with business requirements
* Work with internal and external resources to ensure technical rules, alerting thresholds, and response activities are effective.
* Coordinate resilience, disaster recovery, and effectiveness testing for DLP processes and technologies

About the team
Our Information Risk & Security Function provides technology solutions for Moody's Investors Service, Moody's Shared Services and Moody’s Analytics. By joining our team, you will be part of exciting work in The organization is going through an exciting period of growth and opportunity as we embark on a corporate-wide Transformation program and partner with the business to drive revenue growth, efficiency, risk management, and expansion of our client base via new solutions and application modernization.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.