Ulta Beauty is the largest specialty beauty retailer in the United States and the place for the true beauty enthusiast who gets butterflies as she shops for beauty and experiments throughout our store. We are the only one to provide our guests prestige, mass and salon products and services under one roof – All Things Beauty, All in One Place™. We put our guests at the center of all we do, committing to offer her unrivaled ways to be beautiful in an environment that provides the thrill of exploration and delight of discovery.

POSITION SUMMARY:

Data Protection IT Lead will assist in enhancing and executing data protection program. Develop and maintain data protection policies and procedures; undertake routine data protection control monitoring and awareness. Provide demonstrable assurance that data protection controls are operating effectively.  Lead and assist as needed on regulatory projects to ensure compliance with regulations.

Advice IT project teams to ensure data protection controls are being implemented and followed.   identify enterprise solutions tools and processes for data protection initiatives. Educate end users on best practices for data protection.

REQUIRED JOB SKILLS:

• Information Management: Drafts and maintains the policy, standards and procedures for compliance with relevant legislation. Assesses the implications of information, both internal and external, that can be mined from business systems and elsewhere and makes business decisions based on that information, including the need to make changes to systems. Reviews proposals for new initiatives and provides specialist advice on information management,

• Information security:  Develops and communicates corporate information security policy, standards and guidelines. Manages the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions e.g. legal, technical support. Ensures architectural principles are applied during design to reduce risk and drives adoption and adherence to policy, standards and guidelines.

• Relationship management:  Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement data protection strategies and plans.  Negotiates with stakeholders at senior levels and ensures that organizational data protection policy and strategies are adhered to.

• Innovation: Manages, monitors, and seeks, opportunities, new methods, trends, capabilities and products to the advancement of the organization. Clearly articulates, and formally reports potential benefits from both structural and incremental change.  

• Business process improvement: Analysis business processes; identifies alternative solutions, documents feasibility, and recommends new approaches.  Helps establish requirements for the implementation of changes in the business process.

         Data Protection:

• Enhance and execute on the data protection strategy (e.g. risk-based application inventory, data classification, access, encryption controls, data loss monitoring etc.).
• Develop and improve the data protection policies and standards to manage data risks.
• Establish program for documenting and monitoring data security controls to ensure safeguards are appropriate.
• Enhance and maintain data classification standards, data mappings on how data is processed, stored, shared and accessed across the organization.
• Educate and raise awareness to end users on best practices for data protection.
• Partner with key business units in proactively identifying security risks and building solutions, controls and processes for data protection program.
• Perform privacy and security impact assessments for business and IT Projects.
• Establish and report relevant metrics and KPIs to communicate status, demonstrate progress of the data protection strategy.
• Assist legal and procurement in reviewing and advising on the contract language pertaining to data protection controls as needed.

Security Advising:

• Interface with IT and business units to implement data protection safeguards.
• Work with enterprise architecture team in identifying enterprise solutions, tools for data protection initiatives.

Requirements

• 5+ years of experience in implementing and advising projects on data protection controls across the enterprise.
• Proficient knowledge of data protection laws and awareness of relevant guidelines
• Experience in developing data protection policies and standards
• Developed business process flows to identify confidential data.
• Has experience in socializing data protection awareness across the organization
• Assisted in identifying solutions and tools for data protection initiatives.
• Demonstrate a working knowledge of NIST, ISO 27001 or ISO 27018, SOC security and privacy principles and provide practical examples of their application across the technical domain.
• Knowledge of IT security and privacy risks and best practice controls across multiple technologies and processes
• Experience performing IT security and privacy risk assessments / audits, using defined risk management approaches and processes
• Excellent communication skills; feels comfortable working with non-technical business partners
• Highly motivate, proactive and ability to work independently
• Excellent interpersonal skills and the ability to interact well with both internal and external stakeholders
• Able to prioritize and execute tasks in a high-pressure environment
• Experience in cloud security assessments.

Preferred Qualifications:

• Bachelor’s degree in Computer Science, a related field, or applicable work experience
• CISSP, CISM, CIPT ,CIPP or other officially recognized certification would be desirable

#LI-68855203_DF1