LHH is working with a Financial Services client based in the Chicago Loop that is looking to hire a Sr. Encryption Engineer to join our team for a 12+ month project. The role will be 100% remote. The ideal candidate will have 3+ years of Encryption experience, some Cryptography, and PKI. Candidates MUST have Format-preserving encryption (FPE) with Voltage to be considered and be able to speak about it in your resume. Brief Overview of Position The Senior Encryption Engineer leads first line of defense Information Security services around data protection security and related matters. They review, design and develop security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance. The Senior Encryption Engineer will coordinate with internal teams to implement data security solutions and improve security that is aligned with corporate business objectives and regulatory requirements. Responsibilities • Subject Matter Expertise - Lead the design, implementation, and maintenance of enterprise encryption program/services solutions to business areas, project teams and vendors to apply and execute appropriate use of technology solutions and leads efforts to examine technology vision, opportunities, and challenges with regard to security standards and the impact of the technology. Create technical detailed implementation plan for desired state • Security Trends - Evaluate and understand current state of enterprise encryption capabilities/services. Continually works to enhance breadth and depth of knowledge and experience. Monitors and anticipates trends and investigates organizational objectives and needs. • Reporting -Create and maintain operational documentation and reports to support monthly trend analysis as well as project components • Business As Usual - Implement and monitor all online PKI server components, monitor, and troubleshoot PKI logs for errors and warnings and perform daily health-checks for PKI solution platforms. Will also be responsible for the day-to-day management and oversight on all on prem and cloud key management platforms to preserve separation of duty with teams leveraging symmetric, asymmetric keys and certificates. • Vendor/Tool Selection – Leads the research, evaluation, proof-of-concept, selection, and implementation of technology solutions. Provides detailed analysis of pros and cons and build vs buy options. • Process Improvement - Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and value delivered to customers. Perform gap analysis between current state and desired state of enterprise encryption program/services and document findings • Incident Response – Is involved in security incident response activities and post-event reviews of security incidents. Additional Responsibilities • Lead implementation of the Voltage Data Protection Platform from design to deployment. • Oversee tokenization and encryption strategies using Voltage. • Evaluate and onboard 1000+ applications for sensitive data protection solutions. • Conduct data security and risk assessments and contribute to data protection policies. • Write, implement, and maintain data security standards aligned with regulatory and industry best practices. • Collaborate cross-functionally to support REST API integrations, CI/CD pipelines, and development in Java, C, or .NET. • Manage user testing workflows and tickets throughout implementation. • Document technical solutions and operational processes using Confluence and JIRA. • Apply expertise to secure data, manage digital certificates, and enforce cryptographic controls. • Provide architectural input and technical leadership on data protection strategies. The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Qualifications • 3+ years of operational experience is required; must have implemented and managed PKI, Key Management systems, Data Masking platforms, HSMs and other cryptographic technology platforms. Must possess strong technical knowledge of cryptographic platform architecture, system policies, rules, etc • MUST HAVE Format-preserving encryption (FPE) with Voltage • Understanding of concepts involving Hardware Security Modules (HSM), Enterprise Key Management, applying Encryption at various levels of granularity • Ability to understand requirements and problem-sets and design solutions to address their PKI or encryption needs • Experience with multiple CA (certificate authority) vendors and platforms • Experience with installing and configuring certificates in multiple application types • Familiarity with AWS, AWS Cloud HSM, AWS Certificate Manager (ACM), AWS Key Management Solution (KMS)AWS Private Certificate Authority (ACM PCA), Azure Electronic Key Management (EKM) Microsoft two or three tier PKI, managed PKI services • Experience with multiple cryptographic algorithms and cipher suites as well as up to date on deprecated algorithms for decommissioning. • Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of the organization. • Knowledge of Data Security best practices and security solutions • Knowledge in a cloud-based environment (Azure, AWS, GCP) • Knowledge of common technologies, enterprise and network architecture • Understanding of: • Modern security tools and controls • Programming languages or other scripting languages • Financial industry regulations such as GLBA, PCI, and SOX • Knowledge of or demonstrated experience with defense in depth, trust levels, privileges and permissions Additional Required Skills: Deep knowledge of data security, encryption, tokenization. Hands-on experience with Voltage or similar data protection platforms. Strong background writing data security assessments and security standards. Familiarity with REST APIs, CI/CD tools, and programming in Java, C, or .NET. Experience with documentation tools like Confluence and JIRA. Excellent cross-functional collaboration and communication skills. Nice to Have: Experience with Thales/Voltage data protection solutions. Security or cloud certifications (e.g., CISSP, AWS/Azure security certs).