Senior Data Loss Prevention Associate

Avant is looking for a Data Loss Prevention Specialist (DLP). The DLP Associate is a practitioner responsible for securing and monitoring all data accessed, transmitted and stored throughout Avant and our third party partners.You have experience engaging throughout the entire data lifecycle, from inception through disposal, ensuring access to data is managed and maintained following Avant's security, engineering and governance principles. The DLP Associate works closely with business units and stakeholders to help with data access, ownership and enforcement of policies, rules and safeguards. The engineer works closely with IT team members, cybersecurity threat operations and third party risk. This DLP specialist must be technically proficient with data protection technologies, including data loss prevention (DLP), cloud access security broker (CASB), data classification, privacy, encryption and have a firm understanding of GRC principles.
This candidate will collaborate with technical and non-technical teams to design, implement and manage data protection processes that reduce risk from insider threats and data breaches while also ensuring fair use of data for Avant's customers. The role is expected to be knowledgeable about data storage and identity and access management, and adept at understanding security architecture. Advisement and validation of controls to ensure protection aligns with policies, procedures and risk oversight as well as support senior management to help maintain a safe and secure enterprise technical operation. Additionally, engineers work closely with incident response and security operations center (SOC) personnel when events and suspected incidents surface.
**This is a hybrid opportunity in Chicago**
What you do at Avant:

• Key member of the information security team working on identifying, establishing and maintaining data protection technical controls in context of business and regulatory needs..
• Work closely with security leadership, teammates and stakeholders to evaluate and implement data protection controls that align with organizational risk posture and regulatory compliance requirements.
• Support and maintain a wide range of data protection technologies, including but not limited to DLP, CASB, data classification, data governance and encryption systems across a variety of technology ecosystems.
• Familiar with cloud infrastructure and with applications required to support a dispersed remote workforce.
• Manage and test business rules protecting data, as well as the use and handling of data assets.
• Conduct data discovery to locate data at risk.
• Document data protection policy exceptions, and periodically review with business units.
• Make recommendations for improvements to ensure least privilege to data and rigorous security practices, without negatively impacting end-user experience or leading to employees attempting to circumvent controls.
• Execute tactical requests supporting the strategic vision for rigorous and scalable data protection controls.
• Maintain understanding of business processes to aid in managing enterprise data protection.
• Frequently interact with business units to understand their plans, risk posture and tolerance, and how to share responsibility and support their vision and business obligations securely.
• Implement data protection projects from inception to completion on time and within budget.
• Analyze systems and data sources for accidental, malicious and unauthorized activities that may jeopardize the security and privacy of protected data.
• Develop relationships with engineering, IT, CTOC, business and dev engineering team members.
• Perform other duties as assigned.

Why you are a fit for Avant:

• 3-5+ years' experience in security systems administration, with 2+ years' technical hands-on data protection practitioner experience.
• Familiarity with administering security controls, databases, role-based access, DLP, data classification and governance solutions.
• Strong understanding of data protection principles and control frameworks.
• Ideally familiar with regulatory requirements and laws, such as Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in NIST Cybersecurity Framework (CSF) and NIST Privacy Framework.
• Preferably some basic experience with one or more scripting languages (e.g., Python, PowerShell and Bash).
• Track record of acting with integrity, taking pride in your work, seeking to excel, and being curious and flexible.
• Strong written and oral communication skills across varying levels of the organization.
• Highly organized with the ability to prioritize and complete tasks within defined SLAs.
• Excellent judgment and the ability to make quick decisions when working within complex situations
• One or more of CISSP, CIPP, CISA CRISC, CDPSE and GSEC is preferable, but not required

Check out our Avant Blog!
We believe that a diverse set of backgrounds and experiences helps us create the most innovative solutions for our customers. We invite you to apply to our positions even if you do not meet 100% of the qualifications listed in the description. If you're passionate about our mission and aligned to our values, we hope you'll come contribute to our awesome culture.
Why Avant is the place for you:
At Avant, we believe our values make a difference:
Authenticity. We show up to work as our whole selves and make sure others can too.
Collaboration. We can only succeed when we do so as a team.
Problem-Solving. The harder the problem, the more satisfying the solution.
Customer. We are all owners of the customer experience.
Initiative. Plan. Adapt. Get Sh!t Done.
We believe that great ideas come from anyone and anywhere, that everyone is an owner who drives change, and that we have more fun when we work together. We're problem solvers who love collaborating with intelligent and highly-motivated people to reshape the face of digital banking. Avant offers terrific perks and benefits, fun social events with employees who actually like hanging out together, and a flexible growth environment where trying your hand at new projects and being the active owner of your career path is encouraged and supported.
Some of our benefits include:

• Choice of great Medical, Dental, and Vision Insurance Plan options
• 401(k) Match
• Unlimited Paid Time Off
• Flexible Work Environment
• Generous Paid Parental Leave
• Lunch Allowance (Fooda) and In-office Snacks
• WFH Stipends for our Remote Employees
• Access to LinkedIn Learning for Professional Development
• No Meeting Wednesdays - (a.k.a. planned time to Get Sh!t Done)
• Summer Fridays
• Fun In-Office and Virtual Social Events
• And who doesn't love the swag

This position may require you to be fully vaccinated against COVID-19. If required, you'll be asked to provide proof that you're fully vaccinated upon your start date or before working in or visiting our Chicago office. You're considered fully vaccinated two weeks after you receive the second dose of a two-dose vaccine series (e.g., Pfizer or Moderna) or two weeks after a single-dose vaccine (e.g., Johnson & Johnson/Janssen). Failure to provide proof of vaccination may result in termination. Subject to applicable law and requests for accommodation.