Information Risk & Data Protection Analyst

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or related field (or equivalent experience).
• 3+ years of experience in information security, data protection, or insider risk management.
• 2+ years of hands-on experience with Microsoft Purview (DLP, Information Protection, Insider Risk Management) or equivalent enterprise platforms.
• Proven knowledge of data governance and compliance frameworks (NIST, ISO 27001, SOX, NERC CIP).
• Strong understanding of data lifecycle management, cloud data security, and insider threat detection.
• Demonstrated ability to analyze and tune DLP policies to reduce false positives and improve incident response efficiency.
• Excellent verbal and written communication skills; ability to translate technical risks into business impact.
• Strong collaboration skills for working across IT, Legal, Compliance, and HR teams.

Responsibilities

• Develop, implement, and maintain data protection policies, procedures, and controls to prevent unauthorized data movement or exfiltration.
• Configure, tune, and monitor Microsoft Purview DLP, Insider Risk Management, and Information Protection policies.
• Analyze DLP and insider risk alerts, escalating incidents as necessary to SOC/Incident Response.
• Conduct risk and gap assessments on data handling practices, cloud applications, and third-party data sharing – turning assessment results into action plans.
• Collaborate with Compliance, Legal, and IT to ensure data classification, retention, and protection requirements are met.
• Track and report metrics on DLP/Insider Risk effectiveness (e.g., number of true vs. false positives, incidents investigated, SLA closure rates).
• Lead the rollout of security awareness initiatives related to data handling and insider risk mitigation.
• Assist in responding to regulatory audits and customer security requests related to data protection and privacy.
• Partner with other business units and cross-functional teams to guide and support the implementation of their data protection and classification plans, ensuring alignment with enterprise standards and regulatory requirements.
• Maintain up-to-date knowledge of data security regulations (e.g., NIST, CCPA, SOX, NERC CIP, ISO 27701) and ensure alignment with industry best practices.
• Recommend and assist with the implementation of new data security and governance tools to strengthen enterprise-wide controls.

Benefits

• Employees (and their families) are eligible for medical, dental, vision, basic life and disability insurance.
• Employees can enroll in our company’s 401(k) plan and are provided vacation, sick and holiday pay.