Security Analyst (Data Protection & Governance)
Role details
Job location
Tech stack
Job description
We are seeking a diligent and analytical Security Analyst to strengthen our agency's cybersecurity and data protection posture. In this role, you will be at the forefront of protecting sensitive information by monitoring security risks and managing critical controls, including Data Loss Prevention (DLP), Insider Risk Management, and AI/Copilot security. You will serve as a key collaborator, working across technical and business teams to investigate incidents, conduct security audits, and drive compliance initiatives. Key Responsibilities Data Protection & Governance: Monitor and optimize DLP policies, investigate sensitive data exposure, and support Data Security Posture Management (DSPM) and AI/Copilot data governance. Incident Response: Triage and investigate security alerts from SIEM, DLP, and Insider Risk platforms; lead documentation, escalation, and remediation efforts. Insider Risk Management: Analyze user behavior for potential policy violations, conduct confidential investigations, and recommend risk mitigation strategies. Vendor Security: Participate in third-party security assessments, review SOC reports, and collaborate with procurement and legal teams on vendor risk requirements. Auditing & Compliance: Assist with internal and external audits, validate security controls, and ensure adherence to regulatory requirements and industry best practices. Reporting & Collaboration: Develop security metrics and dashboards, facilitate awareness training, and provide recommendations to enhance overall security policies and procedures. Required Qualifications
Requirements
Experience: Minimum of 3 years of enterprise-level experience in cybersecurity operations, specifically in threat monitoring, incident response, risk analysis, and security investigations. Technical Proficiency: Minimum of 3 years of hands-on experience with: Data Loss Prevention (DLP) Insider Risk Management solutions Data Security Posture Management (DSPM) technologies Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (equivalent experience considered). Required Certifications: CompTIA Security+, GIAC Security Essentials (GSEC), or an equivalent foundational cybersecurity certification. Preferred Qualifications Technical Expertise: Experience with Microsoft Security (Purview/Entra ID/Azure Security), AI-driven security platforms (e.g., Cortex), and security automation (PowerShell/Python). Certifications: Microsoft Certified Cybersecurity Architect Expert (SC-100), Microsoft Security Operations Analyst (SC-200), Certified Ethical Hacker (CEH), or CISSP/Associate CISSP. Required Competencies Strong analytical, investigative, and documentation skills. Deep knowledge of cybersecurity frameworks and control validation. Exceptional integrity and the ability to maintain confidentiality regarding sensitive information. Proven ability to manage competing priorities in a fast-paced environment and engage effectively with stakeholders.