Data Loss and Prevention Analyst

About The Position

Requirements

• Bachelor’s degree in information technology (IT) or equivalent business experience.
• 5+ years of related work experience including 3+ years developing and managing Data Loss Prevention (DLP) for cloud, email, network, and/or endpoint systems.

Nice To Haves

• One or more security related professional certifications: CISSP, GIAC, CISM, CCSP, CISA, CRISC, AWS, Azure, CCSK.
• Knowledge and experience developing risk aligned DLP monitoring rules, knowledge of DLP systems and products or experience on a security assurance operations team performing DLP triage operations functions.
• Knowledge and experience with Data Classification policies and technologies to address data leakage.
• Knowledge and experience with security access administration systems and processes.
• Advanced knowledge and experience with Windows operating systems, Microsoft Office 365 security features, and Microsoft Active Directory.
• Advanced knowledge of Azure Information Protection and Microsoft Purview.
• Programming/scripting skills a plus.

Responsibilities

• Implement procedures aligned with Lubrizol’s policies and standards to protect data in support of a data classification program.
• Provide subject matter expertise for tools and services regarding current and proposed architectures, strategies, and systems that protect information and prevent data loss.
• Provide operational support and product lifecycle management of DLP and related security tools (e.g., CASB).
• Develop and support key usage reports and policy infringement alerts to support each business area and stakeholders (e.g. SOC, Legal, Ethics, Compliance, etc.).
• Demonstrate expertise with enterprise class DLP platforms including policy creation, tuning, incident analysis, and response workflows; Translating business requirements into effective DLP controls.
• Assist with investigational efforts related to data loss.
• Be proficient in data taxonomy design, labeling, and classification models.
• Providing the business with a solid understanding of relevant regulations (e.g., GDPR, HIPAA, PCI DSS) and how they influence data protection controls within an enterprise environment.
• Demonstrate the ability to propose enhancements, refine policies to reduce noise, and improve the maturity of the DLP program over time.