Senior Information Security Analyst

• Follow the DLP incident response process, collaborating with stakeholders (HR, Privacy, Business Units) to investigate, contain, and remediate data loss incidents
• Develop and maintain DLP incident playbooks and ensure timely response to alerts
• Provide detailed analysis and reporting on data loss incidents, root causes, and corrective measures
• Conduct post-incident reviews and recommend improvements to prevent future incidents
• Design and implement DLP policies to protect sensitive data across identified channels, aligning with business needs, regulatory requirements, and industry best practices
• Continuously improve and optimize DLP processes to enhance accuracy, reduce false positives, and improve efficiency
• Support the expansion of DLP capabilities into emerging technologies and egress channels
• Collaborate with Legal, Compliance, Risk, and other departments to ensure DLP policies align with regulatory requirements (e.g., GDPR, PIPEDA, PCI-DSS, HIPAA)
• Evaluate and implement new DLP technologies, tools, and enhancements to strengthen data protection capabilities
• Stay current with industry trends, emerging threats, and new technologies to ensure the organization remains ahead of evolving data loss risks
• Regularly assess the effectiveness of DLP controls through testing, audits, and continuous monitoring
• Report identified DLP gaps and drive initiatives to close them
• Work collaboratively with DLP team members, managers, and stakeholders to enhance teamwork and efficiency
• Prepare and present regular updates, metrics, and program status
• Define, track, and report on key performance indicators (KPIs) to measure control effectiveness and risk posture
• Provide detailed reporting on DLP incidents, policy violations, and progress achieved
• Adhere to corporate workstyle policies, including a minimum of three days working from the office each week
• Participate in developing and delivering DLP awareness and training programs to educate employees on data protection, acceptable use policies, and secure data handling practices

• Bachelor’s degree from an accredited college or university or equivalent experience
• Minimum five years’ experience as an information technology professional with at least three of those in information security
• In-depth knowledge of DLP technologies, frameworks, and platforms (specifically Microsoft Purview, IRM and MDCA)
• Strong understanding of data classification, encryption, regulatory requirements, and standards
• Proven experience managing DLP incidents, governance forums, and program expansion initiatives
• Familiarity with cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls
• Experience collaborating with cross-functional teams and senior stakeholders
• Exceptional analytical, problem-solving, and investigative skills
• Holds at least one information security certification or actively working towards at least one security certification (e.g. CISSP, CISM)
• Excellent communicator including demonstrated presentation and negotiation skills
• Experience with security solutions for multi-tier cloud-based applications
• Experience interpreting and consulting around meeting the requirements of the Information Security Policies and Standards for a large organization
• Working knowledge of IT Audit processes, including design of control test procedures
• Demonstrated ability to foster relationships and build trust
• Ability to work independently and deliver on commitments
• Strong analytical and problem-solving skills
• Experience in risk assessment methodologies
• Reliability Status security clearance

Experience with Microsoft Purview, IRM and MDCA

Hybrid role with 3 days in office