Senior Information Security Engineer (DLP/Microsoft 365)

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

As an InfoSec Security Engineer (Data Security), you will support and enhance First American’s existing Data Security processes, standards, and tools across the enterprise.  You will work with the Data Security team to reduce the risk for the organization by securing data through detection of sensitive data, classifying and labeling detected data, and applying encryption or other security controls to protect and ensure appropriate access to and use of sensitive data to fully comply with all applicable laws and regulatory guidance.  Additionally, you will work with internal information security and business groups to identify opportunities for continuous improvement and maturity of the Data Security function.

You will be joining a team that is looking to mature the tools and technology that is being utilized, as well as the end-to-end data remediation processes.  Under the leadership of the manager, you would help develop programs to further secure our sensitive information in both structured and unstructured data environments.

HOW YOU'LL CONTRIBUTE:

• Under general supervision, oversee small to medium scale projects or phases of a larger project.  Such initiatives include expanding the use of Microsoft 365 Information Protection (MIP) and Purview Data Loss Prevention (DLP) for cloud-based collaboration services.
• Participate in identifying business process requirements and related business/application solutions for a specific business need, for example, remediation of an audit finding or enhancing our data security capabilities.
• Identify/receive problem, research alternatives, prepare presentations, drive solutions, tests to confirm and gain consensus, and implement solutions for defined business processes.
• Generate and create reports; research and analyze data and report trends to management/business partner—metrics such as user adoption/labeling activity, high risk users/business units, or risk exposure/risk remediation.
• Assist with the creation, maintenance, and updates of Data Security process documents, including Data Remediation, sensitivity labeling, and process/workflows with ServiceNow integration.
• Interface with Business Units and data stewards to support Data Security initiatives across the enterprise.
• Responding in a timely manner as a subject matter expert to questions from end users and business stakeholders by sharing accurate information about data security policies, standards, and business processes.
• Support the team with resolution of alerts triggered by the automated detection of sensitive information stored as unstructured data residing on the First American network.
• Anticipate, identify, and escalate appropriate issues to Manager/Director.
• Keep abreast of industry advancements and incorporate that knowledge into daily work activities.
• Participate in evaluation and selection of new technology.

WHAT YOU'LL BRING:

• Bachelor’s Degree or equivalent experience
• Minimum 5 years of relevant work experience in Information Security, IT Risk Management
• Experience working in enterprise-sized environments is desirable

KNOWLEDGE, SKILLS & TECHNOLOGY

• M365 EMS E5 stack of online services, including but not limited to, Purview DLP, Microsoft Information Protection (MIP), and how these interact with Exchange, SharePoint, OneDrive, and Microsoft Defender (Cloud Apps & Endpoint)
• Extensive experience working with Microsoft technologies and infrastructure, with an emphasis on Active Directory/AAD
• Working knowledge of IT and Information Security control standards and frameworks (CIS, NIST, ISO27001, etc.) as well as financial services regulatory requirements (CCPA, PCI-DSS, etc.)
• Familiarity with RegEx formulas, Sensitive Information Types (SITs), NPI/PI
• Team player with positive energy and good customer service skills
• Ability to work independently, demonstrates initiative, and is a self-starter
• Understanding of modern cyber security methodologies and protocols
• Excellent verbal and written communication skills
• Experience in documenting processes, technical writing, and flow charts
• Manage multiple initiatives simultaneously, with strong ability to prioritize
• Customer focused in the context of balancing risk reduction with business needs
• High attention to detail to manage, analyze and finalize artifacts and documents
• Highly flexible, adapting to changes in priorities and requirements
• Ability to quickly learn, communicate and apply technical concepts
• Demonstrated judgement in effectively dealing with highly sensitive information

This role is hybrid 2 days per week onsite in Santa Ana, CA.

For out of area applicants, we are open to remote for the right candidate.

Pay Range: $87,950- $162,360 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

#LI-BR1

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.