Humana Inc., a leading U.S. healthcare company, is seeking a Cyber Data Protection Engineer to support the operation of enterprise Data Security and Data Loss Prevention (DLP) controls. The role involves providing operational support, managing compliance activities, and ensuring the effectiveness and reliability of DLP controls across various platforms.
Responsibilities:
- Provide day-to-day operational support for enterprise Data Security and DLP controls across email, endpoint, cloud, and collaboration platforms
- Monitor and respond to inquiries received through the Data Security mailbox, including questions related to DLP alerts, data classification, control behavior, and approved exception handling
- Research and analyze DLP alerts to support end-user inquiries, validate policy behavior, and determine appropriate response and follow-up actions
- Troubleshoot and explain DLP and data classification control behavior to technical and non-technical stakeholders and end-users
- Perform DLP control testing and validation to ensure controls are functioning as designed and aligned with policy intent
- Implement minor DLP control tuning activities, including rule refinements and approved TLS domain updates, following change management standards
- Provide DLP operational support for subsidiary organizations as needed
- Assess and manage intake of Data Security and DLP-related requests, including Control Review Committee (CRC) requests, Incident (INC) tickets, Problem (PRB) tickets, and security investigation requests and inquiries
- Evaluate Data Security and DLP control exception requests using a risk-based approach and generate documented recommendations regarding approval, implementation, or denial
- Perform regular audits of approved control exceptions to validate continued business justification, adherence to exception conditions, and expiration timelines
- Evaluate SaaS and Shadow IT cloud application usage to identify potential data exposure risks and support governance or remediation activities
- Support Control Compliance Activities (CCA) and Control Self-Assessments (CSA), including response coordination, evidence collection, and remediation tracking
- Gather, validate, and provide audit evidence to support internal and external compliance assessments such as SOC 2, HITRUST, and NIST
- Manage and maintain the Data Security policy and control lifecycle, including documentation upkeep and control mapping to regulatory and framework requirements
- Review and ensure operational alignment with Humana policies and standards related to Data Security and information protection
- Develop, update, and maintain Data Security and DLP documentation, including process documents, procedures, SOPs, runbooks, wikis, and knowledge base articles
- Gather, compile, and report operational metrics related to DLP alerts, control exceptions, compliance activities, and control effectiveness
- Support Application & Enterprise Platform (AEP) readiness activities for managed Data Security and DLP tools and solutions
- Assist Team Leads and Senior Engineers with Data Security and DLP maturity initiatives, optimization efforts, and continuous improvement projects as needed
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
- Minimum of 3–5 years of experience in cybersecurity, data protection, or security operations roles within an enterprise environment
- Hands-on experience supporting Data Loss Prevention (DLP) or information protection tools in an operational, alert-driven environment
- Working knowledge of data classification, data handling, and information protection concepts
- Familiarity with regulatory requirements such as HIPAA‑HITECH, PCI‑DSS, and GLBA, and with security, compliance, and privacy frameworks such as NIST, SOC 2, and HITRUST
- Strong analytical and investigative skills with the ability to assess risk and make sound operational decisions
- Effective written and verbal communication skills, with the ability to work across technical and business teams
- Experience supporting compliance activities such as control assessments, evidence collection, and audit response
- Demonstrated ability to assess and improve process efficiency, including identifying operational gaps, reducing manual effort, and contributing to repeatable and scalable workflows
- Experience developing, updating, and maintaining process and procedure documentation, including SOPs, runbooks, knowledge base articles, and operational guidance
- Strong experience providing end-user assistance and support, including responding to inquiries, explaining security control behavior, and guiding users through data protection requirements
- Effective written and verbal communication skills, with the ability to collaborate across technical teams, compliance partners, and business users
- 3+ years of experience with enterprise DLP, Data Classification, and SIEM platforms such as: Microsoft Purview Data Loss Prevention and Information Protection, Microsoft Defender for Cloud Apps, Zscaler Data Loss Prevention and CASB, CrowdStrike Falcon Data Protection, Proofpoint DLP, Symantec DLP, Splunk, Google Chronicle, Azure Sentinel, Cyera, Netskope DLP
- Experience supporting regulated environments (healthcare, insurance, or financial services)
- Security-related certifications (e.g., Security+, CISSP, CISM) or progress toward certification