They are the same. It is a matter of style. The term "data security" is an older mainframe-era description of the function, which generally meant that the individual promoted or administered the protection of physical, administrative, and technical safeguards over the computing environment and the application systems -- at that time almost exclusively a large-scale mainframe environment.
As computing applications moved from, or embraced, file server systems, desktops, and became more distributed, the "information security" moniker was more frequently used. EDP security became information security, or "IS security" and, more often, "IT security", for information technology security. With the ability to move information through all platforms (e.g., from Windows desktop applications through Internet attachments, and back to desktops)the risk was enterprisewide, and the requirement was to protect ALL information resources. The determination of the function's technicality is more frequently defined by the position's suffix; i.e., whether the individual is a "specialist", an "analyst", an "officer" -- versus the more technical title of "engineer".
Referencing the position with the term "data security" would appear to be a term not used as frequently today. If you were to go to Monster.com and type in "information security", you'd see literally hundreds of posts; if you typed "data security", I think you'd find only a handful still using this title. Good luck.