Data Security Specialist / Data Security Analyst

Job Description

Job-Specific Skills

The Data Security & Privacy Specialist is responsible for managing and protecting enterprise data across systems, ensuring compliance with privacy policies and security standards. This role involves implementing technical controls, conducting risk assessments, and collaborating with stakeholders to maintain a robust data protection framework.

Key Responsibilities

Facilitate workshops with stakeholders to identify data domains, critical data elements (CDEs), owners / stewards, and associated business processes.

Build, maintain, and update the data inventory / catalog, including systems, datasets, flows, and lineage.

Define and operationalize data taxonomy (classification levels, handling rules) and ensure labels propagate across systems.

Perform data discovery and gap assessments to locate sensitive data (e.g., PII, SPI) and reconcile scan results with the catalog.

Translate privacy and policy requirements into technical and administrative controls (access models, masking, retention, encryption) and maintain control mappings.

Design and enforce access control models (least privilege, RBAC / ABAC, purpose-based access) including periodic access reviews.

Establish data protection baselines for storage, transfer, and processing (encryption, key hygiene, segregation).

Configure and tune DLP and egress policies across endpoints, email, web / cloud, and storage systems while reducing false positives.

Implement data masking / tokenization strategies for production, analytics, and non-production environments; manage detokenization approvals.

Define and monitor security telemetry (authentication, data access, key usage, admin events) and create detections for anomalous activity.

Lead or assist in data-related incident response, including scoping, containment, evidence handling, root cause analysis, corrective actions, and lessons learned.

Implement retention and disposal controls, align backups / archives with policy, and verify secure deletion.

Assess third-party and SaaS data risks, review contracts / DPAs, and track remediation with vendors and owners.

Produce dashboards and KPIs / KRIs (coverage, data classification completeness, DLP precision, access review closure, incident MTTR).

Develop and maintain documentation, training materials, playbooks, runbooks, and provide regular briefings to stakeholders.

Requirements

Minimum Qualifications

Bachelor’s degree in Computer Science, Information Security, IT, or equivalent hands-on experience.

Relevant certifications such as ISO / IEC 27701 Lead Implementer / Auditor, CISSP, CIPM, or other applicable certifications.

Clear written and verbal communication skills.

Minimum Experience

4+ years of experience in information security, with at least 2 years focused on data security and privacy, including :

Data discovery, classification / taxonomy

Data Loss Prevention (DLP), masking / tokenization

Data retention / disposal

Data Protection Impact Assessments (DPIA / PIA)

Records of Processing Activities (RoPA)

Submission date : Please submit CV's on or before 02nd December 2025.