IT Manager Data Protection, Hybrid

OVERVIEW

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability-and is recognized that way. We've been defined as a "mature start-up." A place where interdepartmental exposure, open doors, and genuine collaboration is ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.

We're engineering for the future of retail, and it's no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip smart colleagues who will press you daily for your very best, you'll find that virtually nothing's impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE:

Data Protection IT Manager is responsible for building the data protection strategy and managing the data protection program. Develop and maintain data protection policies and procedures; undertake routine data protection control monitoring and awareness. Provide demonstrable assurance that data protection controls are operating effectively. Lead and assist as needed on regulatory projects to ensure compliance with regulations.

Advice IT project teams to ensure data protection controls are being implemented and followed. Identify enterprise solutions tools and processes for data protection initiatives. Educate end users on best practices for data protection.

YOU'LL ACCOMPLISH THESE GOALS BY:

• Information Management: Drafts and maintains the policy, standards, and procedures for compliance with relevant legislation. Assesses the implications of information, both internal and external, that can be mined from business systems and elsewhere and makes business decisions based on that information, including the need to make changes to systems. Reviews proposals for new initiatives and provides specialist advice on information management,

• Information security: Directs the development, implementation, delivery, and support of an enterprise information security strategy aligned to the strategic requirements of the business. Ensures compliance between business strategies and information security and leads the provision of information security resources expertise, guidance, and systems necessary to execute strategic and operational plans across all of the organization's information systems.

• Relationship management: Develops long-term, strategic relationships with senior stakeholders. Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining, and working to stakeholder engagement data protection strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational data protection policy and strategies are adhered to.

• Innovation: Manages, monitors, and seeks, opportunities, new methods, trends, capabilities, and products to the advancement of the organization. Clearly articulates, and formally reports potential benefits from both structural and incremental change.

• Business process improvement: Advises on significant enterprise level improvements and measurable business benefits by identifying, proposing, initiating, and leading significant programs of improvement. Champions a culture of continuous improvement.

ESSENTIALS FOR SUCCESS:

Data Protection:

• Build and execute on the data protection strategy (e.g., risk-based application inventory, data classification, access, encryption controls, data loss monitoring etc.).

• Develop and improve the data protection policies and standards to manage data risks.

• Establish program for documenting and monitoring data security controls to ensure safeguards are appropriate.

• Enhance and maintain data classification standards, data mappings on how data

Is processed, stored, shared, and accessed across the organization.

• Educate and raise awareness to end users on best practices for data protection.

• Partner with key business units in proactively identifying security risks and building solutions, controls, and processes for data protection program.

• Perform privacy and security impact assessments for business and IT Projects.

• Establish and report relevant metrics and KPIs to communicate status, demonstrate progress of the data protection strategy.

• Assist legal and procurement in reviewing and advising on the contract language pertaining to data protection controls as needed.

Security Advising:

• Interface with IT and business units to implement data protection safeguards.

• Work with enterprise architecture team in identifying enterprise solutions, tools for data protection initiatives.

SPECIAL POSITION REQUIREMENTS

• 8+ years of experience in implementing and advising projects on data protection controls across the enterprise.

• Proficient knowledge of data protection laws and awareness of relevant guidelines

• Experience in developing data protection policies and standards

• Developed business process flows to identify confidential data.

• Has experience in socializing data protection awareness across the organization.

• Assisted in identifying solutions and tools for data protection initiatives.

• Demonstrate a working knowledge of NIST, ISO 27001 or ISO 27018, SOC security and privacy principles and provide practical examples of their application across the technical domain.

• Knowledge of IT security and privacy risks and best practice controls across multiple technologies and processes

• Experience performing IT security and privacy risk assessments / audits, using defined risk management approaches and processes.

• Excellent communication skills; feels comfortable working with non-technical business partners.

• Highly motivate, proactive and ability to work independently.

• Excellent interpersonal skills and the ability to interact well with both internal and external stakeholders.

• Able to prioritize and execute tasks in a high-pressure environment.

Preferred Qualifications:

• Bachelor's degree in computer science, a related field, or applicable work experience
• CISSP, CISM, CIPT, CIPP or other officially recognized certification would be desirable.

ABOUT

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty's own private label. Ulta Beauty also offers a full-service salon in every store featuring-hair, skin, brow, and make-up services.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.