Senior Analyst - Data Protection (Remote)

Join our Cybersecurity and Digital Risk (CDR) team to help us also lead the airline industry in cyber-safety. United’s CDR team is tasked with keeping our customers’ and employees’ information safe and secure. Our primary mission is to embed cybersecurity into the DNA of United Airlines by reducing business risk through implementation of strong cybersecurity standards.

Job overview and responsibilities

The Data Protection Senior Analyst is responsible for building, executing, and enhancing the Data Protection and Data Loss Prevention (DLP) program strategy and contributing to related cybersecurity initiatives. The Data Protection Senior Analyst works closely with Legal, HR, Business, Digital Technology, and other Cybersecurity associates and is part of a strategic and comprehensive cybersecurity team that is accountable for ensuring compliance in accordance with regulatory expectations, risk appetite, organizational risk practices, and evolving business needs.

• Lead the implementation of the Data Protection and DLP strategy and program.
• Develop and execute a comprehensive DLP program strategy, collaborating with Legal, HR, Business, Digital Technology, and other Cybersecurity teams.
• Strengthen governance by updating policies, defining sensitive information types, and creating clear data handling guidelines for employees.
• Design and implement a risk assessment framework targeting egress vectors to identify and mitigate risks effectively.
• Deploy DLP tools to prevent data exfiltration, establish defect management processes, and mitigate risks associated with sensitive data movement.
• Equip employees with tools and solutions to protect data, ensuring controls focus on the secure movement of sensitive information types.
• Work closely with internal stakeholders to evaluate potential compliance areas, identify gaps, and ensure full compliance with regulations.
• Interpret and apply relevant laws, regulations, policies, and related guidance to enhance processes, policies, standards, or programs in support of cybersecurity responsibilities.
• Facilitate discussions with business teams to educate them about applicable data protection requirements, including those relevant to cybersecurity controls.
• Coach team members.

• Bachelor’s degree required.
• 4+ years in a STEM-related field.
• Strong understanding of Data Protection standards, DLP best practices, and regulations (local, domestic, and global) to manage risks related to the use, processing, storage, and transmission of information or data.
• Experience developing and executing a Data Loss Prevention program strategy.
• Skill in communicating with all levels of management (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).
• Ability to perform in a dynamic environment to strict deadlines, with the ability to address multiple activities concurrently.
• Hands-on experience with DLP and Data Protection tools, vendors, and product capabilities.
• Must be legally authorized to work in the United States for any employer without sponsorship.
• Successful completion of interview required to meet job qualification.
• Reliable, punctual attendance is an essential function of the position.

• Master's degree
• CISSP, CISA, CIPP, CIPT, or CISM
• Knowledge of computer networking concepts and protocols, and network security
• Knowledge of security engineering and architecture concepts
• Expertise in designing and implementing a risk assessment framework targeting egress vectors.
• Knowledge of cryptography and cryptographic key management concepts

Job post expiration 7/15/2025