Principal Data Protection Analyst
Okta

Job Description
Get to know Okta
Okta is The World’s Identity Company, dedicated to freeing everyone to safely use any technology, anywhere, on any device or app. Through our flexible and neutral products, Okta Platform and Auth0 Platform, we provide secure access, authentication, and automation, placing identity at the core of business security and growth.
At Okta, we value diverse perspectives and experiences. We seek lifelong learners who can enhance our team with their unique backgrounds.
Join our team and help us build a world where Identity truly belongs to you.
Security Governance | Principal Data Protection Analyst
Become a part of Okta's dynamic and forward-thinking Governance, Risk, and Compliance (GRC) organization, focused on building a best-in-class, cutting-edge governance program. As a foundational element of GRC, the Security Governance team ensures documentation, policy adherence, and advisory support to drive secure operations and position Okta as a global leader in security best practices.
We are seeking a dedicated and detail-oriented Principal Data Protection Analyst to join our team. The ideal candidate will be instrumental in driving Okta’s internal data security strategy and enhancing capabilities for safeguarding sensitive information across the company.
The Principal Data Protection Analyst will serve as the business owner of Okta’s data protection tool suite. This role involves envisioning, implementing, and maturing data security strategies across Okta, encompassing the enforcement of data retention policies, authoring and implementing data encryption and obfuscation minimums, establishing secure key management best practices, uplifting data handling controls and safeguards, and automating security workflows. This position demands a high level of technical expertise and deep experience with data security applications and services, including Okta, CrowdStrike, and Palo Alto Networks. You will collaborate closely with a wide array of internal stakeholders, such as Data Loss Prevention (DLP) Engineering, Defensive Cyber Operations, Defensive Cyber Engineering, and Legal, as well as technology and cloud support teams. A thorough understanding of DLP technologies like data security posture management (DSPM), endpoint detection and response (EDR), and cloud access security broker (CASB), alongside significant working experience in the data security and protection domain, is essential.
The successful candidate will demonstrate experience operating in a mature security control environment, possess a strong background in managing mature data security and privacy functions in corporate settings, and have a proven track record of successfully implementing complex projects within cross-collaborative teams. The ideal Principal Data Protection Analyst will identify and drive appropriate data security strategies to mitigate Okta’s key security risks, including recommending enhancements such as compensating controls and other preventative measures.
You will be highly familiar with security compliance frameworks (e.g., NIST, ISO, PCI) and competent in summarizing complex scenarios for management review. If you are a self-starter eager to make a significant impact within a global cloud security company, we invite you to help us lead the way.
Qualifications
- Bachelor’s degree in Information Security, Computer Science, or a related field
- 10+ years of experience in information security with a focus on data security and privacy
- Strong understanding of data protection principles and technologies
- Experience with network security, endpoint security, and cloud security solutions
- Certifications such as CISSP, CISA, CISM, or CDPSE are preferred
- Demonstrated experience working in commercial security roles aligned with security compliance frameworks (e.g., NIST, ISO, PCI)
- Experience in building productive relationships and driving collaboration with both technical and non-technical teams
- Clear ability to communicate desired business outcomes and requirements to technologists building solutions
- Ability to operate effectively in a remote environment
- Self-starting, self-motivated, self-directed, and self-sufficient
Responsibilities
- Serve as the business owner of Okta’s data protection tool suite
- Evaluate and implement security tools and services
- Design, establish, and implement the strategy for a multi-year data security maturity roadmap
- Identify patterns and trends in data loss incidents to enhance preventative and detective measures
- Collaborate with the Cyber Defense Team and Technology, Data & Intelligence (TDI) Team to realize data security controls within Okta’s data security technology stack
- Oversee and manage the development, implementation, and uplift of DLP rules
- Work closely with technology teams, Legal, Compliance, and other business units to ensure the execution of comprehensive data protection strategies
- Provide clear and concise reports and documentation on data loss incidents and resolutions
- Ability to manage complex projects, including identifying dependencies and evaluating impact
Must Haves
- Deep understanding of data security, data protection, and data privacy workstreams and related tooling (DSPM, DLP, CASB, etc.)
- Demonstrated experience managing projects and data security tool implementations at a large/comparably sized company, ideally in a regulated industry; and/or Big 4 candidates with related engagement experience
- Strong security background; security certification preferred (e.g., CISA, CISM, CISSP, CDPSE)
- Bachelor’s degree or higher in cybersecurity or a related technical focus area and/or equivalent practical experience
- Strategic thinker with strong analytical and critical thinking skills
- Experience managing small teams and/or more junior team members is strongly preferred
Key skills/competency
- Data protection
- Security governance
- Risk management
- Compliance frameworks
- DLP technologies
- DSPM solutions
- CASB solutions
- Project management
- Technical expertise
- Stakeholder collaboration
How to Get Hired at Okta
- Research Okta's culture and vision: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their identity-centric approach.
- Tailor your resume for data protection: Customize your application to highlight extensive experience in data security, privacy, governance, risk, and compliance (GRC), using keywords like DLP, DSPM, and CASB.
- Showcase technical expertise: Emphasize your hands-on experience with data security tools and services, including specific mentions of Okta, CrowdStrike, and Palo Alto Networks.
- Prepare for project leadership questions: Be ready to discuss your proven track record in managing complex data security projects, cross-functional collaboration, and implementing strategic security roadmaps.
- Demonstrate compliance framework knowledge: Highlight your familiarity and practical experience with security compliance frameworks such as NIST, ISO, and PCI, and your ability to summarize complex scenarios for management.