Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The Impact You Will Have in This Role
The Senior Data Protection Analyst plays a critical role in ensuring the governance, measurement, and defensibility of DTCC’s Data Protection Program. This role sits within the first line of defense, ensuring that management reporting, audit evidence, and risk narratives accurately reflect how data protection controls operate in practice.
While this role does not configure technical tools, it requires a strong working understanding of technical data protection controls, enabling the analyst to confidently articulate control intent, coverage, limitations, and effectiveness to internal stakeholders, auditors, and regulators.
The Senior Analyst partners closely with Data Protection Engineering and Operations, as well as second-line Risk Management and Internal Audit, to ensure the data protection program remains transparent, consistent, and regulator‑ready as it scales across DLP, DSPM, CASB, and AI‑driven data protection capabilities.
Your Primary Responsibilities:
Data Protection Program Governance
- Own day‑to‑day governance activities for the Data Protection Program, ensuring alignment with DTCC control standards, regulatory expectations, and enterprise risk frameworks.
- Maintain authoritative program artifacts, including:
- Control inventories and control mappings
- Operating procedures and governance documentation
- Centralized repositories for evidence and program records
- Manage policy review cycles, control attestations, and exception tracking related to data protection obligations.
Operational Procedures & Runbooks
- Develop, maintain, and govern standard operating procedures (SOPs) and runbooks supporting data protection activities, including:
- Alert triage and escalation
- Exception handling and approvals
- Remediation tracking and validation
- Ensure procedures are current, consistently applied, and aligned with how controls operate in production.
- Coordinate updates following control changes, incidents, or audit findings.
Exception & Issue Management
- Own centralized tracking of data protection exceptions, issues, and management actions arising from:
- Operational constraints
- Business requests
- Audit or regulatory findings
- Manage exception intake, documentation, approvals, and periodic review to ensure items remain time‑bound and risk‑appropriate.
- Validate remediation actions with Engineering and Operations teams and track issues through closure.
Audit & Evidence Pack Development
- Serve as a primary first‑line coordinator for data protection‑related audits and reviews.
- Develop and maintain audit‑ready evidence packs, including:
- Control design descriptions
- Operating procedures
- Metrics and effectiveness evidence
- Exception and remediation records
- Ensure evidence is complete, consistent, version‑controlled, and defensible.
Metrics, Reporting & Risk Articulation
- Own production of operational, management‑level, and executive‑level reporting on data protection effectiveness and risk posture.
- Translate technical control signals (e.g., detections, coverage, exceptions) into clear, decision‑useful risk narratives.
- Ensure metrics are consistent, repeatable, and aligned to enterprise data risk reporting standards.
Audit, Risk & Regulatory Engagement
- Serve as a first‑line point of contact for Internal Audit, second‑line Risk, and regulatory examinations related to data protection.
- Coordinate collection, validation, and presentation of audit‑quality evidence.
- Track audit issues, management actions, and remediation commitments through to closure.
Cross‑Functional Coordination
- Act as a governance liaison across:
- Data Protection Engineering & Operations (first line)
- Data Risk Management and Technology Risk (second line)
- Privacy, Legal, and Cyber Governance teams
- Ensure alignment between technical protection outcomes and broader enterprise data risk narratives
Program Maturity & Continuous Improvement
- Identify opportunities to strengthen governance processes, reporting quality, and evidence consistency.
- Support scaling of governance as new capabilities are introduced (e.g., expanded DSPM coverage, AI data controls).
- Contribute to improving regulator and auditor understanding of modern, data‑centric protection models.
Technical Control Understanding & Oversight
- Maintain a strong working understanding of:
- Data Loss Prevention (DLP) across email, endpoint, web, SaaS, and AI environments
- Data classification and labeling models
- Data Security Posture Management (DSPM)
- CASB and AI proxy enforcement patterns
- Partner with Engineering and Operations teams to:
- Understand control intent, dependencies, and limitations
- Validate that reporting reflects real‑world control behavior
- Identify gaps between control design, deployment, and outcomes
Qualifications
- 5–8+ years of experience in cybersecurity governance, technology risk, compliance, audit support, or data protection programs within a regulated environment.
- Bachelor’s degree preferred or equivalent practical experience
Talents Needed for Success
- Demonstrates a strong commitment to integrity, transparency, and accountability in all aspects of work.
- Proven ability to understand, govern, and effectively challenge technical security controls without serving in a direct hands‑on engineering capacity.
- Strong analytical, documentation, and executive‑level communication skills, with the ability to distill complex technical concepts into clear, decision‑ready narratives.
- Experienced in engaging with Internal Audit, second‑line risk functions, and/or regulatory stakeholders.
- Maintains current knowledge of data protection, security governance, and evolving risk and regulatory expectations.
- Builds and sustains trusted partnerships across engineering, risk, compliance, and governance teams.
- Communicates clearly and confidently with both technical and non‑technical stakeholders.
- Contributes to a collaborative, high‑trust working environment that encourages openness and shared responsibility.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
