Information Risk & Data Protection Analyst

About SOLV Energy

SOLV Energy is an engineering, procurement, construction (EPC) and solar services provider for utility solar, high voltage substation and energy storage markets across North America.

Job Summary

As an Information Risk & Data Protection Analyst at SOLV Energy, you will be instrumental in safeguarding the company's sensitive information. This role involves taking ownership of data loss prevention (DLP), insider risk, and information governance programs. You will leverage advanced tools like Microsoft Purview to design, implement, and manage controls that protect data, mitigate insider threats, and ensure adherence to evolving regulatory standards. Collaborating closely with IT, Cybersecurity, Compliance, and Legal teams, you will ensure data protection policies are not only effectively enforced but also widely understood and adopted throughout the organization.

This position offers flexibility, allowing you to work fully remote or from our San Diego, CA or Bend, OR offices. Specific arrangements will be discussed during the interview process.

Position Responsibilities and Duties

• Develop, implement, and maintain robust data protection policies, procedures, and controls to prevent unauthorized data movement or exfiltration.
• Configure, tune, and actively monitor Microsoft Purview DLP, Insider Risk Management, and Information Protection policies to optimize effectiveness.
• Analyze DLP and insider risk alerts, ensuring timely escalation of incidents to the SOC/Incident Response team as needed.
• Conduct comprehensive risk and gap assessments on data handling practices, cloud applications, and third-party data sharing, translating findings into actionable plans.
• Collaborate with Compliance, Legal, and IT departments to ensure all data classification, retention, and protection requirements are consistently met.
• Track and report key metrics on DLP/Insider Risk program effectiveness, including true vs. false positives, incidents investigated, and SLA closure rates.
• Lead the rollout of targeted security awareness initiatives focused on best practices for data handling and effective insider risk mitigation.
• Assist in responding to regulatory audits and customer security requests pertaining to data protection and privacy.
• Partner with various business units and cross-functional teams to guide and support the implementation of their data protection and classification plans, ensuring alignment with enterprise standards and regulatory mandates.
• Maintain up-to-date knowledge of critical data security regulations (e.g., NIST, CCPA, SOX, NERC CIP, ISO 27701) and proactively ensure alignment with industry best practices.
• Recommend and assist with the strategic implementation of new data security and governance tools to continuously strengthen enterprise-wide controls.

Minimum Skills or Experience Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• A minimum of 3 years of experience in information security, dedicated data protection, or insider risk management roles.
• At least 2 years of hands-on experience configuring and managing Microsoft Purview (DLP, Information Protection, Insider Risk Management) or comparable enterprise platforms.
• Demonstrated knowledge of established data governance and compliance frameworks such as NIST, ISO 27001, SOX, and NERC CIP.
• Strong foundational understanding of data lifecycle management, cloud data security, and insider threat detection methodologies.
• Proven ability to effectively analyze and tune DLP policies to significantly reduce false positives and enhance incident response efficiency.
• Excellent verbal and written communication skills, with the ability to clearly articulate technical risks in terms of business impact.
• Strong collaborative abilities for seamless cross-functional teamwork with IT, Legal, Compliance, and HR teams.

Key skills/competency

• Data Loss Prevention (DLP)
• Insider Risk Management
• Microsoft Purview
• Information Governance
• Cybersecurity
• Regulatory Compliance
• Risk Assessment
• Data Classification
• Incident Response
• NIST, ISO 27001, SOX, NERC CIP