The purpose of this position is to provide leadership in managing and leveraging Stanley Black & Decker’s investment in data loss prevention technologies. It must be able to demonstrate value to the business by showing a steady reduction in policy violations – thereby reducing overall risk to the business by protecting sensitive / proprietary information.
• Manage the DLP infrastructure – including the management server, Oracle server, and the monitoring servers. Ensure that all DLP infrastructure is kept up and running and that the DLP software is kept up to date.
• Monitor policy violations and report incidents to business process owners.
• Adjust policies to reduce the number of false-positives that a policy might produce.
• Create reports showing policy violations and deliver them to business process owners.
• Working with business process owners, develop remediation strategies to eliminate violations.
• Develop ongoing communications/education programs, targeted to employees, to reduce PII violations.
• Assist with security assessments for acquired companies as well as SBDK internal resources.
• Assist with the support and management of the web content filtering services – ie: Scansafe / anyconnect.
• Assist with the support and management of our event log management services – ie: AlertLogic
• Assist with the support and management of our user account management services – ie: MS FIM
• Expert knowledge in DLP techniques and technologies.
• Expert knowledge in compliance regulations such as SOX, HIPPA, PCI, and PII – both domestic and international.
• Must be able to work independently, must be self-motivated, and demonstrate initiative.
• Must have strong project planning/execution skills, verbal and written communications skills required.
• Must be able to work with all levels within the organization – from senior management to individual contributors.
• Working knowledge of vulnerability assessment tools like Rapid7’s Nexpose or similar products
• Working knowledge of Microsoft Forefront Identity Manager or similar Identity and access management solutions.
• Working knowledge of internet mail and the SMTP protocol and SSL/TLS.
• Working knowledge of Microsoft Exchange 2003and 2007.
• Working knowledge of Microsoft Active Directory, Windows 2003, Windows 2007. Windows XP, and Windows7 OS’s.
• Working knowledge of LDAP v3.0, including schema, editing tools, scripting tools, and export/import tools.
• Working knowledge of TCP/IP protocols, down to the packet level.
• Working knowledge of MS Outlook 2003 and Outlook 2007 including the configuration of LAN attached clients and mobile clients.
• 5 years of experience in an IT security role with practical experience in manage key components of an IT security infrastructure.
• BS degree in Information Technology or a related field and at least one IT security certification like the CISSP.
Since 1843, we’ve set the standard for excellence in everything we do. No company on earth has a stronger or more compelling history...