Data Privacy Analyst

Position Summary We are seeking a skilled and motivated Data Loss Prevention (DLP) & Data Privacy Engineer to join our Information Security team. In this mid-level role, you will be responsible for designing, implementing, and maintaining enterprise DLP solutions and data privacy frameworks to protect sensitive organizational and customer data. You will work cross‑functionally with IT, Legal, Compliance, and business stakeholders to ensure data handling practices align with regulatory requirements and corporate security policies.

Key Responsibilities DLP Program Management Design, deploy, configure, and tune DLP policies across endpoints, networks, email, and cloud environments (Microsoft Purview, Symantec DLP, Forcepoint, or equivalent) Monitor DLP alerts, investigate policy violations, and coordinate remediation with data owners and business units Develop and maintain DLP rule sets, data classifiers, and content inspection policies tailored to organizational risk tolerance Perform regular DLP policy reviews and effectiveness assessments, report metrics to security leadership Data Privacy & Compliance Support the implementation and maintenance of data privacy programs aligned with GDPR, CCPA/CPRA, HIPAA, and other applicable regulations Conduct data mapping, data flow analysis, and records of processing activities (RoPA) to identify sensitive data repositories Assist with Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new projects and systems Collaborate with Legal and Compliance teams to respond to data subject access requests (DSARs) and privacy incidents Technical Implementation & Integration Integrate DLP tools with SIEM platforms (Splunk, Microsoft Sentinel) and SOAR solutions for automated incident response workflows Configure and manage data classification solutions (Microsoft Information Protection, Varonis, or similar) to enforce sensitivity labeling Support cloud DLP implementations across SaaS, IaaS, and PaaS environments including Microsoft 365, Google Workspace, AWS, and Azure Develop scripts and automation (Python, PowerShell) to enhance DLP workflows and reporting capabilities Stakeholder Collaboration & Training Provide guidance and advisory support to IT teams, developers, and business units on secure data handling practices Develop and deliver data privacy and DLP awareness training materials for employees Participate in security incident response activities related to data exfiltration and unauthorized disclosure events Document policies, procedures, runbooks, and technical configurations related to the DLP and privacy program Required Qualifications Education Bachelor’s degree in computer science, Information Security, Information Systems, or a related technical field; or equivalent practical experience Experience 3–5 years of hands‑on experience in information security with a focus on DLP, data classification, or data privacy engineering Demonstrated experience configuring and managing enterprise DLP platforms such as Microsoft Purview, Symantec DLP, McAfee Total Protection, or Forcepoint DLP Experience implementing or supporting data privacy programs under one or more regulatory frameworks (GDPR, CCPA/CPRA, HIPAA, PCI‑DSS) Proficiency in data classification tooling and sensitivity label governance (Microsoft Information Protection preferred) Familiarity with cloud security controls and DLP capabilities in Microsoft 365, Azure, AWS, or Google Cloud Platform Working knowledge of scripting languages (Python, PowerShell, or Bash) for automation and log analysis Experience with SIEM platforms and the ability to write correlation rules related to data exfiltration indicators Preferred Qualifications Experience with CASB solutions (Microsoft Defender for Cloud Apps, Netskope, or Zscaler) to extend DLP controls to cloud applications Familiarity with zero trust architecture principles and their application to data security Knowledge of data tokenization, encryption, and masking techniques Experience supporting or leading Privacy Impact Assessments and coordinating with external auditors or regulators Background in endpoint DLP and removable media control policies Exposure to eDiscovery, legal hold processes, or forensic investigations involving sensitive data CompTIA Security+ is a requirement. CIPP a HUGE PLUS!!!! #J-18808-Ljbffr