Lead Data Security Engineer, Information Security
Lowe's
- Charlotte, NC
- Permanent
- Full-time
- Lead the discovery process to identify data security risks, vulnerabilities, and compliance requirements across the organization.
- Design and implement a robust data security program encompassing use case identification, customer-managed encryption keys (CMEK), and sensitive data protection mechanisms.
- Develop and implement data security policies, standards, and procedures in alignment with industry best practices and regulatory requirements.
- Collaborate with cross-functional teams to integrate data security controls into existing systems, applications, and workflows.
- Design and implement security monitoring and incident response mechanisms to detect, respond to, and mitigate data security incidents in a timely manner.
- Provide technical expertise and guidance to internal teams on data security best practices, encryption technologies, and secure development methodologies.
- Stay abreast of emerging threats, vulnerabilities, and technologies in the field of data security, and recommend proactive measures to mitigate risks and enhance security posture.
- Participate in vendor evaluations and selection processes to procure security tools, technologies, and services that support the data security program.
- Serve as a subject matter expert on data security matters, representing the organization in industry forums, conferences, and working groups.
- Bachelor's degree in Computer Science, Information Security, or a related field; advanced degree preferred.
- 7+ years of proven experience in data security engineering, with a focus on designing and implementing enterprise-wide security programs.
- Strong understanding of data security principles, encryption technologies, and regulatory requirements (e.g., GDPR, CCPA, HIPAA).
- Hands-on experience with data security tools and technologies, such as encryption, data loss prevention (DLP), hardware security modules, and managing a hybrid environment inclusive of public cloud, private cloud, and traditional on-prem.
- Proficiency in programming and scripting languages (e.g., Python, Java, PowerShell) for automation and tool development.
- Excellent analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
- Strong communication skills, with the ability to convey technical concepts to non-technical stakeholders and influence decision-making at all levels of the organization.
- Relevant certifications (e.g., CISSP, CISM, etc.) are a plus.
- Bachelor's Degree in Computer Science, CIS, Engineering, Cybersecurity, or a related field (or equivalent work or military experience in a related field).
- 7 Years of experience in technology system support, software development, or a related field
- 5 Years of experience with information security applications and systems
- 4 years of experience evaluating complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk.
- 5 Years of experience designing complex application and infrastructure systems.
- Master's Degree in Computer Science, CIS, Business Administration, or related field
- 6 years of experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
- 3 Years of DevOps experience
- 1 Year of experience with Cloud technologies
- 4 Years of experience designing application pipelines with secure configuration parameters to remove or reduce known threat vectors.
- 5 Years of experience working with diverse application and infrastructure environments to identify and provide technical guidance on threat reduction at both the application and supporting infrastructure layer.
- Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPEN).
- Advanced understanding of information security practices and policies.
- 6 Years of IT experience developing and implementing business systems within an organization.
- 6 Years of experience working with defect or incident tracking software.
- 6 Years of experience writing technical documentation in a software development environment.
- 4 Years of experience working with an IT Infrastructure Library (ITIL) framework.
- 4 Years of experience leading teams, with or without direct reports.
- 6 Years of experience working with source code control systems.
- Experience working with Continuous Integration/Continuous Deployment tools.