Senior Data Protection Governance Analyst

dards and governance.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive

• Comprehensive health and life insurance and well-being benefits, based on location

• Pension / Retirement benefits

• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact You Will Have in This Role

The Senior Data Protection Analyst plays a critical role in ensuring the governance, measurement, and defensibility of DTCC's Data Protection Program. This role sits within the first line of defense, ensuring that management reporting, audit evidence, and risk narratives accurately reflect how data protection controls operate in practice.

While this role does not configure technical tools, it requires a strong working understanding of technical data protection controls, enabling the analyst to confidently articulate control intent, coverage, limitations, and effectiveness to internal stakeholders, auditors, and regulators.

The Senior Analyst partners closely with Data Protection Engineering and Operations, as well as second-line Risk Management and Internal Audit, to ensure the data protection program remains transparent, consistent, and regulator-ready as it scales across DLP, DSPM, CASB, and AI-driven data protection capabilities.

Your Primary Responsibilities:

Data Protection Program Governance

• Own day-to-day governance activities for the Data Protection Program, ensuring alignment with DTCC control standards, regulatory expectations, and enterprise risk frameworks.

• Maintain authoritative program artifacts, including:

  • Control inventories and control mappings
  • Operating procedures and governance documentation
  • Centralized repositories for evidence and program records

• Manage policy review cycles, control attestations, and exception tracking related to data protection obligations.

Operational Procedures & Runbooks

• Develop, maintain, and govern standard operating procedures (SOPs) and runbooks supporting data protection activities, including:

  • Alert triage and escalation
  • Exception handling and approvals
  • Remediation tracking and validation

• Ensure procedures are current, consistently applied, and aligned with how controls operate in production.

• Coordinate updates following control changes, incidents, or audit findings.

Exception & Issue Management

• Own centralized tracking of data protection exceptions, issues, and management actions arising from:

  • Operational constraints
  • Business requests
  • Audit or regulatory findings

• Manage exception intake, documentation, approvals, and periodic review to ensure items remain time-bound and risk-appropriate.

• Validate remediation actions with Engineering and Operations teams and track issues through closure.

Audit & Evidence Pack Development

• Serve as a primary first-line coordinator for data protection-related audits and reviews.

• Develop and maintain audit-ready evidence packs, including:

  • Control design descriptions
  • Operating procedures
  • Metrics and effectiveness evidence
  • Exception and remediation records

• Ensure evidence is complete, consistent, version-controlled, and defensible.

Metrics, Reporting & Risk Articulation

• Own production of operational, management-level, and executive-level reporting on data protection effectiveness and risk posture.

• Translate technical control signals (e.g., detections, coverage, exceptions) into clear, decision-useful risk narratives.

• Ensure metrics are consistent, repeatable, and aligned to enterprise data risk reporting standards.

Audit, Risk & Regulatory Engagement

• Serve as a first-line point of contact for Internal Audit, second-line Risk, and regulatory examinations related to data protection.

• Coordinate collection, validation, and presentation of audit-quality evidence.

• Track audit issues, management actions, and remediation commitments through to closure.

Cross-Functional Coordination

• Act as a governance liaison across:

  • Data Protection Engineering & Operations (first line)
  • Data Risk Management and Technology Risk (second line)
  • Privacy, Legal, and Cyber Governance teams

• Ensure alignment between technical protection outcomes and broader enterprise data risk narratives

Program Maturity & Continuous Improvement

• Identify opportunities to strengthen governance processes, reporting quality, and evidence consistency.

• Support scaling of governance as new capabilities are introduced (e.g., expanded DSPM coverage, AI data controls).

• Contribute to improving regulator and auditor understanding of modern, data-centric protection models.

Technical Control Understanding & Oversight

• Maintain a strong working understanding of:
  • Data Loss Prevention (DLP) across email, endpoint, web, SaaS, and AI environments
  • Data classification and labeling models
  • Data Security Posture Management (DSPM)
  • CASB and AI proxy enforcement patterns
• Partner with Engineering and Operations teams to:

  • Understand control intent, dependencies, and limitations

  • Validate that reporting reflects real-world control behavior

  • Identify gaps between control design, deployment, and outcomes

Qualifications

• 5-8+ years of experience in cybersecurity governance, technology risk, compliance, audit support, or data protection programs within a regulated environment.

• Bachelor's degree preferred or equivalent practical experience

Talents Needed for Success

• Demonstrates a strong commitment to integrity, transparency, and accountability in all aspects of work.

• Proven ability to understand, govern, and effectively challenge technical security controls without serving in a direct hands-on engineering capacity.

• Strong analytical, documentation, and executive-level communication skills, with the ability to distill complex technical concepts into clear, decision-ready narratives.

• Experienced in engaging with Internal Audit, second-line risk functions, and/or regulatory stakeholders.

• Maintains current knowledge of data protection, security governance, and evolving risk and regulatory expectations.

• Builds and sustains trusted partnerships across engineering, risk, compliance, and governance teams.

• Communicates clearly and confidently with both technical and non-technical stakeholders.

• Contributes to a collaborative, high-trust working environment that encourages openness and shared responsibility.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

About Us

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at https://www.dtcc.com or connect with us on LinkedIn , X , YouTube , Facebook and Instagram .

DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

Learn more about Clearance and Settlement by clicking here .

About the Team

Serves as a dedicated technology resource for advancing DTCC's business opportunities and providing industry thought leadership for leveraging new technology. The goal of this new department is to partner internally with IT, our business and regulatory divisions and externally with clients, regulators, and fintech vendors, to help build new platforms and business models to advance DTCC's mission to support the financial markets.