Director Data Protection, Third Party & Privacy

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

The Head of Data Protection will lead the execution of enterprise-wide data protection strategies in a highly regulated financial services environment. This leader will be responsible for preventing data leakage, implementing technical privacy controls, and securing data shared with third parties and service providers. This role ensures that the firm's most sensitive customer and financial data is safeguarded in compliance with regulatory obligations and internal risk tolerances.

Your Primary Responsibilities:

• Lead the design, deployment, and operations of DLP technologies across endpoint, email, web, and cloud.
• Continuously tune policies, rules, and thresholds to align with evolving insider threat patterns and business workflows.
• Partner with Insider Risk, SOC, and Legal to triage and investigate data movement alerts and incidents.
• Drive implementation of data classification, encryption, tokenization, and redaction technologies across the data lifecycle.
• Enforce technical safeguards aligned with GLBA, NYDFS Part 500, GDPR, CCPA, SOX, and PCI-DSS.
• Collaborate with Privacy, Legal, and Data Governance to ensure controls support data retention, residency, and subject rights.
• Oversee implementation of access controls, session monitoring, and data segmentation for external suppliers, fintech partners, and managed service providers.
• Collaborate with Vendor Risk Management and 2LOD functions to operationalize security requirements defined in contracts and due diligence assessments.
• Ensure compliance with NIST 800-161, FFIEC Guidance, and SEC third-party risk expectations.
• Develop and track KPIs for data protection control effectiveness and operational maturity.
• Lead remediation efforts for data-related security findings and audit observations.
• Serve as the accountable executive for data protection elements of cyber incident response.
• Mitigates risk by following established procedures, spotting key errors and demonstrating strong ethical behavior.

Qualifications:

• Minimum of 10 years of related experience
• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• Bachelor's degree in Cybersecurity, Computer Science, Information Risk Management, or equivalent.
• 10+ years in information security or privacy, with 5+ years of leadership in a regulated industry.
• Strong hands-on experience with DLP technologies (e.g., Microsoft Purview, Symantec, Forcepoint), encryption platforms, and CASB/IRM solutions.
• Demonstrated success operating within a 3 Lines of Defense model, with clear understanding of the roles of Internal Audit and Enterprise Risk Management.
• Familiarity with frameworks such as NIST CSF, ISO/IEC 27001, 27701, and financial regulations such as GLBA, SEC cyber risk guidance, and NYDFS 500.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.