Job Description

At Zscaler, we’re committed to ensuring that all of our customers’ data is protected and that our work complies with data protection legislation. We’re seeking a data security officer to help improve our management of potentially sensitive information by leading technology and policy improvements as well as conducting regular internal security audits. The Data Security Architect will serve as the main point of contact between internal security, compliance, application engineering teams and data protection authorities. The ideal candidate will have excellent organizational, technical, communication, and management skills, along with an ability to lead training sessions and workshops for staff members. This individual will often be asked to independently identify policy, process, and technology gaps and lead all employees to promote data protection compliance within the organization.

Objectives of this role

• Serve as the main point of contact within the organization for staff members, compliance, product architecture & engineering teams, regulators, and relevant public authorities on issues related to data protection
• Evaluate the existing data classification and protection framework to identify gaps and remediate any issues
• Stay current on data security best practices and frameworks 
• Lead data discovery, classification and protection technical capabilities and improvements
• Identify ways to integrate and leverage new IT technologies and ZScaler product lines to assist in data security processes
• Work with engineering teams to ensure appropriate technical controls are leveraged consistently
• Evaluate new data security technologies to continue improving enterprise data security standards
• Develop an annual data security roadmap
• Maintain subject matter expertise in GDPR, HIPAA, CCPA, PIPEDA, APP, and other relevant data protection laws
• Maintain internal data protection frameworks with the assistance of legal and compliance teams to ensure alignment with data protection laws
• Participate in regular impact assessments to evaluate and advise on potential data security risks
• Develop role-specific data protection training plans for various staff members
• Inform and advise the data controller or data processor on all matters related to data protection
• Promote a culture of data protection across all units of the organization

Responsibilities

• Provide expert advice and educate employees on important data compliance requirements
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders
• Continuously review and lead improvements for technical controls for both data discovery and protection
• Deliver training across all business units to staff members who are involved in data handling or processing
• Conduct audits to ensure compliance and to address potential issues
• Maintain records of all data processing activities of the company
• Serve as point of contact for data protection authorities

Qualifications

• Seven or more years of experience in related information security fields
• Three or more years of experience in data protection compliance or related field
• Expertise in data protection laws and practices, including deep understanding of GDPR, HIPAA and other regulatory requirements
• Proven ability to diagnose and troubleshoot technical issues in various data discovery and data protection technologies
• Experience in a legal, audit, or risk management role 
• Demonstrated experience of being a data security and data protection leader in managing and growing a security operations center competency for the organization.
• Strong project management skills
• Ability to work effectively under pressure and to manage sensitive and confidential information
• Excellent verbal and written communication skills, with strong attention to detail