Information Protection Analyst (Data Security)

The Analyst will support the Project Manager to deliver enterprise Information Protection change initiatives. The role focuses on stakeholder and user engagement, detailed requirements analysis (technology and process), backlog management with impact assessment, user testing coordination, and progressing governance to enable compliant, risk-reducing delivery., Stakeholder & User Engagement: Partner with IT, Compliance, and Business stakeholders (via SDOs) and end users to elicit needs, validate usability, align priorities, and secure decisions; facilitate workshops, interviews, user forums, and working groups.

Backlog Management: Maintain and prioritize the change backlog using transparent criteria; drive refinement, readiness, and clear acceptance criteria for delivery.

Impact Assessment: Evaluate each change for business value, risk reduction, effort to deliver, and operational/user impact; document assumptions, dependencies, and measurable outcomes.

Requirements Definition (Tech & Process): Produce detailed, testable requirements and user stories covering controls, data flows, roles/responsibilities, operating procedures, integration points, and user experience; ensure traceability from business need to acceptance criteria.

User Testing Coordination: Plan, coordinate, and execute user testing (UAT, pilot, and usability testing), including test scenarios, scripts, and data; manage defect triage, feedback capture, and sign-off, ensuring control effectiveness and positive user experience.

Governance Progression: Navigate and advance required governance (e.g., design authorities, risk/compliance reviews, data protection assessments, control sign-offs) to unblock delivery and ensure auditability.

Delivery Support: Collaborate with engineering and operations to clarify scope, support solution design, and validate implementation against requirements and user feedback; prepare readiness materials for adoption.

Adoption & Change Readiness: Work with change/communications teams to craft user-centric guidance, FAQs, and training; track adoption metrics and drive remediation actions where needed.

Measurement & Reporting: Define success metrics, track risk reduction, usability outcomes, and business benefits; provide concise status reporting to the Project Manager and stakeholders.

Do you have experience in User acceptance testing?, Life Sciences/Pharma Context: Familiarity with Pharma data use cases and cross-border data transfer controls.

Information Protection Expertise: Practical experience with the concepts of (but no hands-on experience needed) data classification, DLP, encryption/key management, identity and access management, data loss monitoring, and secure collaboration; understanding of information risk methodologies.

Regulatory & Compliance Awareness: Working knowledge of privacy/security obligations and control frameworks (e.g., GDPR, SCCs, ISO 27001, NIST), and how they translate into enterprise controls and testing.

Business Analysis: Strong elicitation, process mapping, requirements writing (epics/stories/use cases), and acceptance criteria; proficiency with traceability and documentation.

Backlog & Impact Management: Ability to prioritize using structured criteria (value, risk, effort, user impact), run backlog refinement, and prepare changes for gated delivery.

User Testing & Adoption: Experience planning and coordinating UAT/pilots, writing test cases, managing defects, synthesizing feedback, and enabling adoption with minimal friction.

Governance Navigation: Experience moving changes through design authority, security/compliance reviews, risk assessments (e.g., PIA/eRID), and operational readiness, with clear evidence for audit.

Stakeholder Management: Confident communicator able to balance IT, Compliance, Business, and user needs; skilled in facilitation and consensus building.

Delivery Orientation: Comfortable working in agile/hybrid environments, aligning iterative delivery with compliance checkpoints.

Analytical & Communication

Skills: Clear written and verbal communication; data-driven decision making; concise reporting to senior stakeholders.

Desirable

Tooling Exposure: Experience with workflow tools (e.g., Azure DevOps/Jira, Confluence, Airfocus).

Risk & Data Assessments: Hands-on with DPIAs, TRA/RA, control testing, and evidence collection for audits.

User Research Methods: Ability to run lightweight usability studies, surveys, and feedback cycles to inform control design.