The Information Security Risk Management (ISRM) group protects the information assets of Thomson Reuters through managing risk, deploying effective security risk framework and ensuring regulatory compliance.
The Lead Information Security Analyst – DLP will sit within the Data Loss Protection (DLP) Operations group which is part of the Information Security Risk Management group. The DLP Operations group provides oversight to the Data Leakage Protection (DLP) Program and processes. The group is also the focal point within the DLP Program for the DLP Governance Group and is the key relationship manager between the Managed Security Service Provider (MSSP) and the ISRM Strategic Business Unit (SBU) Leads.
This is accomplished through the following responsibilities:
- Management of the DLP rule lifecycle processes
- Working internally and with external consultants to undertake business analysis for new rules for both Cloud Access Security Broker(s) + Internal DLP tools
- Lead and Facilitate discussions with the DLP Governance group re approval of new rules and other DLP events.
- Creating, testing of DLP rules prior to full deployment
- Management of review and retirement of existing rules
- Lead testing teams in the translation of requirements into test cases
- Manage Data Loss events
- Working with data owners and the DLP Governance Group to undertake 3rd level triage of DLP events
- Working with the SBU Leads to track remediation of Broken Business Processes
- Program governance and oversight
- Own the overall DLP documentation is maintained, accurately and regularly reviewed
- Drives creation of process documents, functional requirements and validations of solutions
- Management of the DLP service, including entitlement reviews, target deployment lists AD groups and training for participants
- Promoting the DLP Program throughout the Thomson Reuters campus
- Manage the preparation and maintenance of metrics
- BS/BA degree in Computer Science/ Information Technology/ Information Security or related field or equivalent work experience
- Minimum of 3 years experience within either Risk Management or Technology. Ideally with an emphasis on IT Information Security, business applications, and security best practices.
- Experience with Cloud Access Security Brokers, their implementation and management.
- Experience with DLP tools, such as Symantec, Trend, and or McAfee
- Strong oral and written communication skills with ability to understand technology sufficiently to clearly communicate the complexity in simple terms for key stakeholders
- Detail oriented, with proven ability to mobilize and energize cross-functional teams to implement solutions and complete tasks.
- Demonstrated success participating in complex technology projects with an emphasis on high customer satisfaction
- Demonstrated Customer service supporting the overall customer experience.
- Ability to build relationships and influence all levels within an organization
- Certification such as CISSP andor CISACISM a plus
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance – and their own.