Sr Director Data Protection

Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.

We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.
 

The Sr Director Data Protection is a senior leader within the Cyber Defense organization responsible for defining, executing, and maturing the enterprise Data Loss Prevention (DLP) strategy across traditional, cloud, and emerging technology environments. This role oversees all aspects of data protection policy development, technology architecture, operational monitoring, and incident response as it relates to sensitive data.

This leader will drive a holistic data protection program aligned to regulatory requirements (GLBA, NYDFS, CCPA, SOX), support enterprise AI/ML adoption, guide secure data handling within container and serverless platforms, and partner closely with engineering, cloud, architecture, legal, compliance, fraud, and business units to ensure data is protected wherever it resides or moves.

Essential Functions, Duties, and Responsibilities

• Strategic Leadership & Program Ownership
  • Define and own the enterprise Data Protection & DLP strategy, roadmap, and maturity targets across endpoints, cloud services, email, network, SaaS, and data center environments.
  • Establish a unified framework for data classification, handling standards, and protection controls across the lifecycle of sensitive/regulated data.
  • Collaborate with enterprise architecture, engineering, cloud, data, and application security to embed data protection-by-design across initiatives, including AI/ML and containerized workloads.
  • Partner with the Chief Data Office and Privacy teams on data governance integration and enterprise data hygiene improvements.
• DLP Operations & Technology Management
  • Lead day-to-day operations for enterprise DLP platforms (endpoint, cloud/SaaS, network, email, CASB, DSPM) ensuring high accuracy and low business friction.
  • Expand DLP capabilities to protect emerging workloads including:
    • AI systems & copilots (prompt risk, data exposure, model leakage prevention)
    • Containerized and microservice architectures (Kubernetes, serverless, API-driven controls)
    • Multi-cloud infrastructure (Azure primary, AWS secondary)

• Ensure consistent tuning, rule optimization, detection refinement, and incident management across all platforms.

• Risk, Compliance & Incident Response
  • Ensure adherence to GLBA, NYDFS, SOX, CCPA, and other state or federal data protection requirements.
  • Lead investigations and incident response for DLP events, data leakage, policy violations, insider threat-related data movement, and third-party exposure.
  • Provide reporting and metrics to senior leadership, audit, and regulators; drive continuous improvement across detection, response, and prevention capabilities.
  • Leadership & Cross-Functional Collaboration
  • Manage a team of managers, analysts, and engineers responsible for DLP engineering, operations, and analytics.
  • Develop a high-performance culture rooted in collaboration, accountability, and proactive risk reduction.
  • Work closely with Legal, Compliance, Chief Data Office, Privacy, Fraud, Cloud Engineering, Infrastructure, and Cyber Defense teams to align on data protection objectives and shared responsibilities.
  • Provide executive-level communication on program health, risks, and investment needs.
• Emerging Technology & Innovation
  • Evaluate and adopt modern data protection technologies including DSPM, DDEM, AI governance tools, secret scanning, and data lineage platforms.
  • Partner with AI/ML stakeholders to establish secure patterns for prompt engineering, model access, training data handling, and LLM governance.
  • Guide the integration of data protection controls into DevOps workflows for container and microservices ecosystems.

• Ability to effectively and accurately convey information to others.
• Performs related duties as assigned by management.

Qualifications and Education Requirements

Required

• Bachelor’s degree in Information Technology, or a related field.
• 8-10 years of cybersecurity leadership experience, with 5+ years overseeing enterprise DLP or data protection programs.
• Deep expertise in DLP technologies (e.g., Microsoft Purview DLP, Skyhigh/McAfee, Symantec/Broadcom, Netskope, CASB, DSPM).
• Strong understanding of cloud security (Azure required; AWS/Azure hybrid a plus).
• Experience securing AI workloads, copilot platforms, generative AI, or similar emerging data-intensive technologies.

• Experience with containerized environments (Kubernetes, Docker) and data controls for microservice architectures.
• Familiarity with GLBA, NYDFS, CCPA, SOX, state breach notification laws, and general U.S. privacy requirements.
• Demonstrated ability to influence senior leadership and drive cross-functional alignment.
• Strong analytical, communication, and executive presentation skills.

Preferred

• Experience in financial services, fintech, mortgage, or other highly regulated industries.
• Knowledge of insider threat programs and UEBA integrations (e.g., Exabeam).
• Experience implementing DSPM or AI risk governance frameworks.
• Relevant certifications: CISSP, CISM, CCSP, CDPSE, or similar.

Skills, Abilities, and Knowledge

• Strong verbal communication skills; strong writing and composition abilities.
• Strong interpersonal skills with the ability to develop and maintain effective and professional relationships across the organization.
• Strong influencing and negotiation skills; consultative and collaborative work style.
• High learning agility with the ability to learn and integrate business variables and learn new systems and platforms.
• Strong analytical skills & problem-solving abilities; solid decision-making abilities coupled with sound judgment.
• Effective at managing multiple priorities under tight deadlines in a fast-paced, dynamic environment.
• Strong project management and time management capability.
• Self-directed and comfortable working with ambiguity and uncertainty.
• High degree of professional maturity, integrity, ability to maintain confidential data and information.
• High degree of business acumen; strong technical aptitude.

Work Environment and Physical Requirements

• Working on-site at assigned office location.
• Regular and punctual attendance adhering to schedule established by leadership.
• Flexibility to work occasional adjusted work schedules, overtime, and evening and/or weekend hours to meet deadlines or as business needs demand.
• Working in a cubicle hub, maintaining focus on phone calls in a noisy environment within earshot of multiple other conversations.
• Sedentary work in a stationary position at a cubicle for prolonged periods of time.
• Constant repetitive motions required for operating a computer, such as typing and managing phone calls.
• Constantly communicating effectively verbally in English, including accurately exchanging information with others following identification of correct procedures.

Additional Information:

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.

Company Benefits:

Newrez is a great place to work but we are only as strong as our greatest asset, our employees, so we believe in rewarding them!

• Medical, dental, and vision insurance

• Health Savings Account with employer contribution

• 401(k) Retirement plan with employer match

• Paid Maternity Leave/Parental Bonding Leave

• Pet insurance

• Adoption Assistance

• Tuition reimbursement

• Employee Loan Program

• The Newrez Employee Emergency and Disaster Fund is a new program to support our team members

Newrez NOW:

• Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more

• 1 Volunteer Time Off (VTO) day, company-paid volunteer day where all eligible employees may participate in a volunteer event with a nonprofit of their choice

• Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee

• Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions

Equal Employment Opportunity 
We're proud to be an equal opportunity employer- and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

CA Privacy Policy

CA Notice at Collection