Staff Data Security Engineer
You desire impactful work.
You’re RGA ready
RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.
The Staff Data Security Engineer will drive the design and implementation of enterprise data protection capabilities across Microsoft 365, endpoints, and cloud platforms. This position will play a key role in protecting sensitive data across its full lifecycle, discovering, classifying, and securing data while reducing enterprise risk. You will work across multiple technologies and teams to ensure data security controls are scalable, actionable, and aligned to business and regulatory requirements. The Staff Data Security Engineer will work cross-functionally with IT, Legal, Compliance, and business stakeholders to ensure sensitive data is identified, classified, and protected across all endpoints, cloud workloads, and collaboration platforms.
Principle Duties
Design, deploy, and tune DLP policies across Microsoft Purview DLP, covering Exchange Online, SharePoint, Teams, OneDrive, and endpoint devices
Configure and manage labeling policies, trainable classifiers, and exact data match (EDM) for sensitive data types
Integrate DLP capabilities with the Defender suite. Configure and manage Microsoft Defender for Endpoint and its Endpoint DLP component to monitor and control data on client devices.
Leverage Microsoft Defender for Cloud Apps (MDCAS) for cloud-based DLP and real-time monitoring of SaaS applications.
Configure data connectors and analytic rules in Sentinel for DLP alerts and email security events.
Monitor DLP incidents, conduct root-cause analysis, and drive policy refinement to reduce false positives while maintaining coverage
Extend DLP coverage beyond Microsoft 365 to third-party SaaS platforms, on-premises systems, and network egress points to reduce unauthorized data access and exfiltration
Collaborate with stakeholders to develop data handling standards and acceptable use policies and establish consistent policy frameworks, enforcement models, and automation for data protection
Create and maintain technical documentation, runbooks, and Standard Operating Procedures (SOPs) for the Data Security program.
Build automation and scalable processes to reduce manual effort
Data Security Posture Management (DSPM)
Deploy and manage DSPM tooling to provide continuous visibility into sensitive data discovery, risk exposure, and access patterns
Leverage Varonis for data access governance, entitlement reviews, and detection of abnormal data access behaviors across file shares, SharePoint, and cloud storage
Conduct regular data risk assessments, identify overexposed sensitive data, and drive remediation with data owners
Integrate DSPM findings into broader risk reporting and security metrics dashboards
Produce regular reporting on policy effectiveness, data risk posture, and key security metrics for leadership
Partner with data owners across business units to ensure proper classification of structured and unstructured data assets
Education
Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience - Required
Master’s degree in Arts/Sciences (MA/MS) or professional industry certification - Preferred
Work Experience
6+ years of experience in information security, with at least 4 years focused on data security, DLP or DSPM.
Skills and Abilities
Hands-on expertise with Microsoft Purview DLP, including policy creation, scoped deployments, adaptive protection, and incident management - Required
Strong proficiency with Microsoft Defender XDR suite: Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and Defender for Office 365 - Required
Demonstrated experience with Microsoft Sentinel, including custom analytic rules, KQL query development, workbooks, and SOAR playbooks - Required
Experience with Varonis Data Security Platform for data access governance, risk prioritization, and threat detection - Required
Familiarity with DSPM concepts and tooling, including sensitive data discovery and cloud data risk management - Required
Solid understanding of data classification frameworks and Microsoft Purview Information Protection (sensitivity labels, auto-labeling, trainable classifiers) - Required
Experience implementing DLP across multiple vectors: email, endpoint, cloud applications, and network - Required
Demonstrated capability to analyze, operationalize, and continuously improve security controls and business processes - Required
Knowledge of relevant compliance frameworks and regulations: ISO 27001/27701, SOC 2 and NIST‑aligned compliance and security frameworks, particularly as they relate to data protection and DLP - Required
Proven experience with email authentication standards (DMARC, SPF, DKIM) and their implementation in Microsoft 365.
Excellent analytical and problem-solving skills with a security-first mindset - Required
Microsoft certifications: SC-400 (Information Protection Administrator), SC-200 (Security Operations Analyst), SC-100 (Cybersecurity Architect), or AZ-500 - Preferred
Experience with additional DLP or CASB platforms (e.g., Symantec DLP, Forcepoint, Zscaler) - Preferred
Familiarity with cloud security posture management (CSPM) in Azure, AWS, or GCP environments - Preferred
#LI-CW1
#LI-Remote
What you can expect from RGA:
Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
Join the bright and creative minds of RGA, and experience vast, endless career potential.
We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you.
Compensation Range:
$126,710.00 - $188,840.00 AnnualBase pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.
RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.