Ulta Beauty is the largest specialty beauty retailer in the United States and the place for the true beauty enthusiast who gets butterflies as she shops for beauty and experiments throughout our store. We are the only one to provide our guests prestige, mass and salon products and services under one roof – All Things Beauty, All in One Place™. We put our guests at the center of all we do, committing to offer her unrivaled ways to be beautiful in an environment that provides the thrill of exploration and delight of discovery.

POSITION SUMMARY:

Data Protection Senior analyst will assist in establishing and executing data protection program. Assist in developing and maintaining data protection policies and procedures; undertake routine data protection control monitoring and awareness. Provide demonstrable assurance that data protection controls are operating effectively.  

Advice IT project teams to ensure data protection controls are being implemented and followed. Additionally, develop and implement data leakage prevention rules; identify enterprise solutions tools and processes for data protection initiatives.

REQUIRED JOB SKILLS:

• Information Management: Drafts and maintains the policy, standards and procedures for compliance with relevant legislation. Assesses the implications of information, both internal and external, that can be mined from business systems and elsewhere and makes business decisions based on that information, including the need to make changes to systems. Reviews proposals for new initiatives and provides specialist advice on information management,
• Information security: Contributes advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Assesses and acts on vulnerability information and undertakes security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
• Relationship management:  Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.  Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to.
• Innovation: Manages, monitors, and seeks, opportunities, new methods, trends, capabilities and products to the advancement of the organization. Clearly articulates, and formally reports potential benefits from both structural and incremental change.  
• Business process improvement: Analysis business processes; identifies alternative solutions, documents feasibility, and recommends new approaches.  Helps establish requirements for the implementation of changes in the business process.

PRINCIPAL DUTIES & RESPONSIBILITIES:

Data Protection:

• Assist in establishing and executing on the data protection strategy (e.g. risk-based application inventory, data classification, access and encryption controls, data loss monitoring etc.).
• Develop and improve the data protection policies and standards to manage data risks.
• Establish program for documenting and monitoring data security controls to ensure safeguards are appropriate.
• Document business process flows to have insight on where data resides, how it’s processed, stored, shared and accessed across the organization.
• Educate and raise awareness to end users on best practices for data protection.
• Partner with key business units in proactively identifying security risks and building solutions, controls and processes for data protection program.
• Perform privacy impact assessments for business and IT Projects.
• Establish and report relevant metrics and KPIs to communicate status, demonstrate progress of the data protection strategy.

Security Advising:

• Interface with IT and business units to implement data protection safeguards.
• Work with enterprise architecture team in identifying enterprise solutions, tools for data protection initiatives.  

Data Leakage Prevention

• Develop and maintain Data Leakage Prevention (DLP) rules to enhance data protection controls.
• Develop processes for enforcement and monitoring of data leakage violations.

Requirements

• Min. 5 years of experience in implementing and advising projects on data protection controls across the enterprise.
• Proficient knowledge of data protection laws and awareness of relevant guidelines
• Experience in implementing a data leakage prevention program.
• Experience in developing data protection policies and standards
• Developed business process flows to identify confidential data.
• Has experience in socializing data protection awareness across the organization
• Assisted in identifying solutions and tools for data protection initiatives.
• Demonstrate a working knowledge of NIST, ISO 27001 or ISO 27018, SOC security and privacy principles and provide practical examples of their application across the technical domain.
• Knowledge of IT security and privacy risks and best practice controls across multiple technologies and processes
• Experience performing IT security and privacy risk assessments / audits, using defined risk management approaches and processes
• Excellent communication skills; feels comfortable working with non-technical business partners
• Highly motivate, proactive and ability to work independently
• Excellent interpersonal skills and the ability to interact well with both internal and external stakeholders
• Able to prioritize and execute tasks in a high-pressure environment

Preferred Qualifications:

• Bachelor’s degree in Computer Science, a related field, or applicable work experience
• CISSP, CISM, CIPT ,CIPP or other officially recognized certification would be desirable