Senior Director Data Protection

## Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.## We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.
** POSITION SUMMARY
** The Sr Director Data Protection is a senior leader within the Cyber Defense organization responsible for defining, executing, and maturing the enterprise Data Loss Prevention (DLP) strategy across traditional, cloud, and emerging technology environments. This role oversees all aspects of data protection policy development, technology architecture, operational monitoring, and incident response as it relates to sensitive data.

This leader will drive a holistic data protection program aligned to regulatory requirements (GLBA, NYDFS, CCPA, SOX), support enterprise AI/ML adoption, guide secure data handling within container and serverless platforms, and partner closely with engineering, cloud, architecture, legal, compliance, fraud, and business units to ensure data is protected wherever it resides or moves.
** DESCRIPTION
* *** Essential Functions, Duties, and Responsibilities
*** Strategic Leadership & Program Ownership  + Define and own the enterprise Data Protection & DLP strategy, roadmap, and maturity targets across endpoints, cloud services, email, network, SaaS, and data center environments.  + Establish a unified framework for data classification, handling standards, and protection controls across the lifecycle of sensitive/regulated data.  + Collaborate with enterprise architecture, engineering, cloud, data, and application security to embed data protection-by-design across initiatives, including AI/ML and containerized workloads.  

+ Partner with the Chief Data Office and Privacy teams on data governance integration and enterprise data hygiene improvements.
* DLP Operations & Technology Management  + Lead day-to-day operations for enterprise DLP platforms (endpoint, cloud/SaaS, network, email, CASB, DSPM) ensuring high accuracy and low business friction.  + Expand DLP capabilities to protect emerging workloads including:
- AI systems & copilots (prompt risk, data exposure, model leakage prevention)    - Containerized and microservice architectures (Kubernetes, serverless, API-driven controls)    - Multi-cloud infrastructure (Azure primary, AWS secondary)
* Ensure consistent tuning, rule optimization, detection refinement, and incident management across all platforms.
* Risk, Compliance & Incident Response  + Ensure adherence to GLBA, NYDFS, SOX, CCPA, and other state or federal data protection requirements.  + Lead investigations and incident response for DLP events, data leakage, policy violations, insider threat-related data movement, and third-party exposure.  + Provide reporting and metrics to senior leadership, audit, and regulators; drive continuous improvement across detection, response, and prevention capabilities.  

+ Leadership & Cross-Functional Collaboration  + Manage a team of managers, analysts, and engineers responsible for DLP engineering, operations, and analytics.  + Develop a high-performance culture rooted in collaboration, accountability, and proactive risk reduction.  + Work closely with Legal, Compliance, Chief Data Office, Privacy, Fraud, Cloud Engineering, Infrastructure, and Cyber Defense teams to align on data protection objectives and shared responsibilities.  

+ Provide executive-level communication on program health, risks, and investment needs.
* Emerging Technology & Innovation  + Evaluate and adopt modern data protection technologies including DSPM, DDEM, AI governance tools, secret scanning, and data lineage platforms.  + Partner with AI/ML stakeholders to establish secure patterns for prompt engineering, model access, training data handling, and LLM governance.  + Guide the integration of data protection controls into Dev Ops workflows for container and microservices ecosystems.
* Ability to effectively and accurately convey information to others.
* Performs related duties as assigned by management.
** Qualifications and Education Requirements
**** Required
* ** Bachelor’s degree in Information Technology, or a related field.
* 8-10 years of cybersecurity leadership experience, with 5+ years overseeing enterprise DLP or data protection programs.
* Deep expertise in DLP technologies (e.g., Microsoft Purview DLP, Skyhigh/McAfee, Symantec/Broadcom, Netskope, CASB, DSPM).
* Strong understanding of cloud security (Azure required; AWS/Azure hybrid a plus).
* Experience securing AI workloads, copilot platforms, generative AI, or similar emerging data-intensive technologies.
* Experience with containerized environments (Kubernetes, Docker) and data controls for microservice architectures.
* Familiarity with GLBA, NYDFS, CCPA, SOX, state breach notification laws, and general U.S. privacy requirements.
* Demonstrated ability to influence…