Senior Data Loss Prevention (DLP) Analyst at Collinson

Purpose of the job

• We are looking for a skilled and proactive Sr. Data Loss Prevention (DLP) Analyst to join our Security Operations team. This role focuses on protecting sensitive data across endpoints, cloud services, and email channels by managing and evolving our DLP technologies, policies, and controls.
• You will be a key influencer to the design and enforcement of security policies and conditional access, working closely with internal stakeholders to safeguard information and support regulatory compliance.

Key Responsibilities

• Monitor and investigate DLP alerts generated by Microsoft Purview, Egress, and endpoint agents across Intune (Windows) and JAMF (macOS).
• Administer and maintain DLP tools and technologies, ensuring they are configured correctly and functioning as intended.
• Analyze incidents to determine true positives, identify root causes, and recommend remediation actions.
• Define, implement, and review DLP policies, data classification, and conditional access rules to ensure alignment with business needs, regulatory requirements and to stay current with evolving threats and industry standards.
• Lead discussions with Information Security, Compliance, Legal, HR, and IT to identify and mitigate data handling risks.
• Conduct periodic reviews of data movement patterns and access controls to ensure ongoing policy effectiveness.
• Maintain security configurations in Microsoft Intune and JAMF Pro to support DLP enforcement at the endpoint level.
• Lead the development and execution governance and lifecycle of security policies, including documentation, change control, exception handling, and awareness efforts.
• Responsible for audit and compliance reporting for data protection controls and assist with incident investigations involving potential data exposure.
• Develop and maintain a playbook for data leakage scenarios, policy violations, and insider threat alerts.
• Training and Awareness: Develop and conduct training sessions and awareness programs to educate employees on data security best practices and the importance of adhering to DLP policies.
• Hybrid role, with occasional after-hours support for incident response or high-severity investigations.
• Participation in on-call rotations may be required for DLP-related incidents.

Knowledge, skills and experience required

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field, or equivalent experience.
• 7+ years of experience in cybersecurity, with at least 5 years focused on Data Loss Prevention.
• Hands-on experience with Microsoft Purview DLP, Egress, Microsoft Intune, and JAMF Pro preferred.
• Strong understanding of data classification, endpoint protection, email encryption, and cloud DLP.
• Familiarity with conditional access policies, Microsoft Entra ID (Azure AD), and Zero Trust principles.
• Working knowledge of security frameworks and regulatory standards (e.g., GDPR, HIPAA, ISO 27001, PCI-DSS).
• Relevant security certifications (e.g., Microsoft SC-400, SC-300, CompTIA Security+, CISSP, CISM, CDPSE, GIAC) are highly desirable.
• 5+ years of experience in a Security Operations Center (SOC) or with SIEM integration for DLP events.
• Knowledge of insider risk detection, UEBA, or behavioral analytics.
• Experience collaborating in cross-functional global teams on policy development or risk mitigation.

Person Specification

• Strong analytical, communication, and incident investigation skills.
• Ability to manage sensitive information with discretion and professionalism.
• Ability to work effectively in a global team-oriented environment, collaborating with colleagues to achieve common goals.