The Cybersecurity Operations Analyst - DLP is responsible for overseeing all aspects of Data Loss Prevention (DLP) within the organization. This role focuses exclusively on developing and maintaining DLP policies, tuning DLP systems for optimal performance, and continuously monitoring DLP activities to prevent and detect unauthorized data access or transfer. Key Responsibilities Security Monitoring - Lead the expansion and continuous improvement of Data Loss Prevention (DLP) initiatives across the organization, including international operations, ensuring robust policy enforcement and alignment with regulatory requirements - Monitor, investigate, and respond to potential data loss events from both internal and external sources, ensuring swift containment and remediation - Administer, tune, and maintain DLP technologies for on-premise, cloud, SaaS, and endpoint environments to ensure robust policy enforcement - Develop, update, and enforce DLP policies and operational playbooks to address evolving data protection risks and regulatory requirements - Utilize threat intelligence to adapt DLP controls in response to new tactics, techniques, and procedures (TTPs) that target sensitive or regulated data - Review and approve new system deployments to ensure integration with DLP monitoring and compliance requirements - Document DLP incidents, investigations, and remediation steps to support regulatory audits and continuous process improvement - Collaborate with IT and security teams to automate DLP alerts and responses for faster threat mitigation - Provide off-hours support to address urgent DLP incidents and maintain 24/7 data protection coverage Incident Response - Monitor and review DLP alerts across email, web, endpoint, and cloud. - Identify and prioritize real incidents vs. false positives. - Investigate user activity and data movement related to alerts. - Determine if incidents are accidental, negligent, or malicious. - Escalate high-risk cases to Legal, HR, or Security leadership. - Take action to contain active threats (e.g., disable sharing, isolate devices). - Document all findings, actions, and outcomes in the case tracking system. - Recommend user coaching or awareness training when needed. - Propose improvements to DLP rules to reduce noise and increase accuracy. Page 2 of 4 - Track and report incident trends and metrics (volume, type, resolution time). - Collaborate with IT, Legal, HR, and business units during investigations. - Support audits, compliance checks, and policy updates as needed. Emerging Threats Monitoring - Obtains information and stays up-to-date on the latest threats and security trends in a fast and efficient way to keep the enterprise environment protected. Service Desk and Incident Management - Assists in the investigation and resolution of security issues. Skills Professional Technology Skills (the professional technology skills you need to be able to do the job) Skill Follow Apply Advise Inspire Detail Security Monitoring Ability to: - Work with internal IT teams and external MSSPs for security monitoring of IDS, SIEM, DLP, AV, and Endpoint Security technologies. - Performs security event correlation, triage, and analysis. - Applies Security Threat Intelligence to respond appropriately to security events. - Recognize when a network/system has been compromised from and internal or external threat actor. - Works on projects to improve security monitoring and response capabilities. - Strong understanding of defense-in-depth security best practices. - Strong security engineering and architecture background to best understand how to employ the most effective and efficient security monitoring. - Demonstrate effective communication of security issues to management and others. - Maintain the security monitoring operational guidelines and standards for security. Incident Response Ability to: - Performs incident response and forensic activities for internal and external threats. - Works with internal IT teams, MSSPs, and external Page 3 of 4 forensic services to respond to incidents. - Ensure that all identified breaches in security are promptly and thoroughly investigated/remediated. - Ensure that security incidents are documented accurately and complete. Core Competencies Core Competency Detail Focus on Customers Promoting and living customer service as a value. Ensuring that the (internal or external) customer's needs are a driving force behind priorities, decisions, processes, and activities. Drive Results Setting high standards of performance for self and others; assuming responsibility and sense of urgency for successfully completing assignments or tasks; self-imposing standards of excellence rather than having standards imposed. Develop Self and/or Others Planning and supporting the development of knowledge, skills, and abilities to fulfil current or future job responsibilities more effectively. Champion Change Actively engaging and supporting change and innovation by communicating the future-state, trying new approaches, and collaborating with others to make the change successful. Value Others Gaining other people's trust by "doing the right thing," demonstrating openness and honesty, behaving consistently, supporting an inclusive work environment and acting in accordance with legal, moral, ethical, professional, and organizational guidelines in support of our Values. Build Relationships Building, leveraging and maintaining relationships within and across work groups. Knowledge, Experience & Qualifications Essential Desirable - Bachelor's degree in Computer Science, Information Security, or a related field - or an equivalent combination of education and relevant industry experience. - Hands-on experience in Information Security operations, including Security Monitoring, Incident Response, and Network Security fundamentals. - Understanding of Data Loss Prevention (DLP) concepts, frameworks, and technologies - Familiarity with data classification standards (e.g., PII, PCI, PHI, IP) - Knowledge of common DLP platforms: - Symantec DLP - Microsoft Purview DLP - Zscaler DLP - Forcepoint, McAfee, Digital Client, etc. - Basic understanding of network security, email Page 4 of 4 - Practical experience with Data Loss Prevention (DLP) tools and concepts, with exposure to one or more leading platforms such as Symantec, Microsoft Purview, Zscaler, Forcepoint, or Digital Client. - Working knowledge of industry-standard security technologies, including: - Firewalls, VPN, Intrusion Detection Systems (IDS) - Endpoint Detection & Response (EDR) - Antivirus (AV) - Secure Web Gateway/Proxy - Strong experience with SIEM event/log analysis and correlation security, and endpoint protection - Knowledge of regulatory and compliance standards: - HIPAA, GDPR, CCPA, SOX, PCI-DSS Specializations Endpoint DLP, Network DLP, Cloud data protection, Policy development and tuning, Insider threat detection, Compliance and regulatory, Incident response and forensics, DLP integration
