Job Specifications
Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.
At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.
Join our team! We’re building a world where Identity belongs to you.
Security Governance | Job Description | Principal Data Protection Analyst
If you want to be a part of a dynamic, forward-thinking Governance, Risk and Compliance organization focused on building a best-in-class, cutting edge governance program, come join the Security Governance Team at Okta. As a critical foundation of GRC, the Security Governance team’s mission is to provide the documentation, policy adherence, and advisory backbone needed to drive secure operations and behaviors at Okta and position the company as a global leader in security best practices. We are seeking a dedicated and detail-oriented Principal Data Protection Analyst to join our team. The ideal candidate will drive Okta’s internal data security strategy and uplift capabilities for safeguarding sensitive information throughout the company.
The Principal Data Protection Analyst will be the business owner of Okta’s data protection tool suite and will be responsible for envisioning, implementing, and maturing data security strategies across Okta, including enforcement of data retention, authoring and implementing data encryption and obfuscation minimums, establishing secure key management best practices, uplifting data handling controls and safeguards, and automating security workflows. This role demands a high level of technical expertise and deep experience with data security applications and services, such as Okta, Crowdstrike, and Palo Alto Networks. This role will work closely with a wide array of internal stakeholders, such as Data Loss Prevention (DLP) Engineering, Defensive Cyber Operations, Defensive Cyber Engineering, and Legal, as well as technology and cloud support teams. This role requires a thorough understanding of DLP technologies such as data security posture management (DSPM), endpoint detection and response (EDR), and cloud access security broker (CASB) as well as significant working experience in the data security and protection domain.
The right candidate will have experience operating in a mature security control environment, will have a strong background in managing mature data security and privacy functions in corporate settings, and will possess a proven track record of successfully implementing complex projects in cross-collaborative teams. The ideal Principal Data Protection Analyst will be able to identify and drive appropriate data security strategy that mitigates Okta’s key security risks, including recommending enhancements such as compensating controls and other preventative measures.
The Principal Data Protection Analyst will have strong familiarity with security compliance frameworks (e.g., NIST, ISO, PCI) and will be competent in summarizing complex scenarios for management review. If you are a self-starter who wants to make a difference in a global cloud security company, come help us lead the way.
Qualifications
Bachelor’s degree in Information Security, Computer Science, or equivalent experience
10+ years of experience in information security with a focus on data security and privacy
Strong understanding of data protection principles and technologies
Experience with network security, endpoint security, and cloud security solutions
Certifications such as CISSP, CISA, CISM, or CDPSE are preferred
Demonstrated experience working in commercial security roles aligned with security compliance frameworks (e.g., NIST, ISO, PCI)
Experience in building productive relationships and driving collaboration with both technical and non-technical teams
Clear ability to communicate the desired business outcomes and requirements to technologists building solutions
Ability to operate effectively in a remote environment
Self-starting, self-motivated, self-directed, and self-sufficient
Responsibilities
Serve as the business owner of Okta’s data protection tool suite
Evaluation and implementation of security tools and services
Design, establish, and implement the strategy for a multi-year data security maturity roadmap
Identify patterns and trends in data loss incidents to enhance preventative and detective measures
Collaborate with the Cyber Defense Team and Technology, Data & Intelligence (TDI) Team to realize data security controls within Okta’s data security technology stack
Oversee and manage the development, implementation, and uplift of DLP rules
Work closely with technology teams, Legal, Compliance,