Manager, Data Security

Sr. Manager, Data Security Program

Schedule: M-F (onsite 4 days/week)

Location: Atlanta or Birmingham

Southern Company is seeking an experienced cybersecurity leader to own and drive the enterprise Data Security Program across multiple disciplines and functions. This role is responsible for end‑to‑end leadership, execution, and evolution of data protection capabilities, ensuring sensitive data is identified, classified, governed, monitored, and protected across on‑premises, cloud, SaaS, and hybrid environments.

This position directly supports Southern Company’s mission to mitigate real and potential cyber risks to its critical electric and gas utility infrastructure, operational technology environments, enterprise IT systems, personnel, customers, and brand. Positioned between executive strategy and technical execution, this role drives large‑scale, cross‑functional data security initiatives that reduce risk while enabling secure and efficient business operations.

The Senior Manager will lead a multi‑discipline team responsible for enterprise‑wide data security, including encryption strategy (data at rest and in transit, databases, cloud, and on‑prem), Data Loss Prevention (DLP), Data Security Posture Management (DSPM), data discovery and classification, data labeling governance, and data misuse detection and response. A significant component of this role is forward‑looking cryptographic strategy, including planning, preparing, and executing the company’s transition to post‑quantum cryptography (PQC), defining both pre‑ and post‑quantum approaches in partnership with enterprise stakeholders.

This leader owns day‑to‑day operational accountability for data security tooling and controls, including policy design, deployment, tuning, alert monitoring and response, and lifecycle management (upgrades, patching, and change management). The role also serves as a trusted advisor to business and technology leaders, shaping data protection strategy, enabling secure innovation, and preparing the enterprise for data management and protection in the age of AI, including policy and guardrails for agentic AI interactions with enterprise data.

The ideal candidate brings strong people leadership, deep data security and cryptography expertise, and the ability to influence across a complex enterprise. This role requires a proven track record of building sustainable, multi‑discipline security programs and delivering measurable risk reduction in highly regulated, mission‑critical environments.

• Provide leadership focused on building, mentoring, and developing a high‑performing, multi‑discipline data security team spanning governance, engineering, operations, and consulting functions.
• Own and execute the enterprise Data Security Program strategy and roadmap, aligning outcomes with business priorities, regulatory requirements, and evolving technologies.
• Translate strategic objectives into actionable operating models, execution plans, and measurable KPIs across multiple functional domains.
• Lead enterprise efforts to identify, define, and govern sensitive data, including development and adoption of data classification and labeling standards.
• Own data labeling policy and governance, including label taxonomy, usage standards, enforcement expectations, and adoption improvement.
• Oversee deployment and ongoing operations of Data Loss Prevention (DLP) capabilities across email, endpoints, SaaS, cloud services, and data repositories.
• Define and manage DLP policies, detection rules, and enforcement actions (e.g., block, quarantine, encrypt, alert), balancing risk reduction with business usability and driving continuous tuning and improvement.
• Mature the evolution and operational use of Data Security Posture Management (DSPM) to maintain visibility into sensitive data locations, access pathways, and exposure risks.
• Monitor, triage, investigate, and respond to DLP and DSPM alerts and findings in partnership with Security Operations, Incident Response, Insider Threat, Identity, and related teams.
• Drive remediation of data security risks, including over‑permissive access, unprotected or misclassified data,…