As an InfoSec Security Engineer (Data Security), you will support and enhance First American's existing Data Security processes, standards, and tools across the enterprise. You will work with the Data Security team to reduce the risk for the organization by securing data through detection of sensitive data, classifying and labeling detected data, and applying encryption or other security controls to protect and ensure appropriate access to and use of sensitive data to fully comply with all applicable laws and regulatory guidance. Additionally, you will work with internal information security and business groups to identify opportunities for continuous improvement and maturity of the Data Security function.

You will be joining a team that is looking to mature the tools and technology that is being utilized, as well as the end-to-end data remediation processes. Under the leadership of the manager, you would help develop programs to further secure our sensitive information in both structured and unstructured data environments.

HOW YOU'LL CONTRIBUTE:

• Under general supervision, oversee small to medium scale projects or phases of a larger project. Such initiatives include expanding the use of Microsoft 365 Information Protection (MIP) and Purview Data Loss Prevention (DLP) for cloud-based collaboration services.
• Participate in identifying business process requirements and related business/application solutions for a specific business need, for example, remediation of an audit finding or enhancing our data security capabilities.
• Identify/receive problem, research alternatives, prepare presentations, drive solutions, tests to confirm and gain consensus, and implement solutions for defined business processes.
• Generate and create reports; research and analyze data and report trends to management/business partner-metrics such as user adoption/labeling activity, high risk users/business units, or risk exposure/risk remediation.
• Assist with the creation, maintenance, and updates of Data Security process documents, including Data Remediation, sensitivity labeling, and process/workflows with ServiceNow integration.
• Interface with Business Units and data stewards to support Data Security initiatives across the enterprise.
• Responding in a timely manner as a subject matter expert to questions from end users and business stakeholders by sharing accurate information about data security policies, standards, and business processes.
• Support the team with resolution of alerts triggered by the automated detection of sensitive information stored as unstructured data residing on the First American network.
• Anticipate, identify, and escalate appropriate issues to Manager/Director.
• Keep abreast of industry advancements and incorporate that knowledge into daily work activities.
• Participate in evaluation and selection of new technology.

WHAT YOU'LL BRING:

• Bachelor's Degree or equivalent experience
• Minimum 5 years of relevant work experience in Information Security, IT Risk Management
• Experience working in enterprise-sized environments is desirable

KNOWLEDGE, SKILLS & TECHNOLOGY

• M365 EMS E5 stack of online services, including but not limited to, Purview DLP, Microsoft Information Protection (MIP), and how these interact with Exchange, SharePoint, OneDrive, and Microsoft Defender (Cloud Apps & Endpoint)
• Extensive experience working with Microsoft technologies and infrastructure, with an emphasis on Active Directory/AAD
• Working knowledge of IT and Information Security control standards and frameworks (CIS, NIST, ISO27001, etc.) as well as financial services regulatory requirements (CCPA, PCI-DSS, etc.)
• Familiarity with RegEx formulas, Sensitive Information Types (SITs), NPI/PI
• Team player with positive energy and good customer service skills
• Ability to work independently, demonstrates initiative, and is a self-starter
• Understanding of modern cyber security methodologies and protocols
• Excellent verbal and written communication skills
• Experience in documenting processes, technical writing, and flow charts
• Manage multiple initiatives simultaneously, with strong ability to prioritize
• Customer focused in the context of balancing risk reduction with business needs
• High attention to detail to manage, analyze and finalize artifacts and documents
• Highly flexible, adapting to changes in priorities and requirements
• Ability to quickly learn, communicate and apply technical concepts
• Demonstrated judgement in effectively dealing with highly sensitive information

This role is hybrid 2 days per week onsite in Santa Ana, CA.

For out of area applicants, we are open to remote for the right candidate.

Pay Range: $87,950- $162,360 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

#LI-BR1