Information Risk & Data Protection Analyst

Job Description Summary

As the Information Risk & Data Protection Analyst at SOLV Energy, you will own the company’s data loss prevention (DLP), insider risk, and information governance programs. Leveraging Microsoft Purview and other enterprise tools, you will design, implement, and manage controls to protect sensitive data, reduce insider risk, and ensure compliance with evolving regulatory requirements. You will partner with IT, Cybersecurity, Compliance, and Legal to ensure that data protection policies are not only enforced but also understood and adopted across the enterprise.

This role can be fully remote or based full-time in the San Diego, CA or Bend, OR office. Specific location details and expectations will be discussed during the interview process.

Position Responsibilities and Duties

• Develop, implement, and maintain data protection policies, procedures, and controls to prevent unauthorized data movement or exfiltration.
• Configure, tune, and monitor Microsoft Purview DLP, Insider Risk Management, and Information Protection policies.
• Analyze DLP and insider risk alerts, escalating incidents as necessary to SOC/Incident Response.
• Conduct risk and gap assessments on data handling practices, cloud applications, and third-party data sharing – turning assessment results into action plans.
• Collaborate with Compliance, Legal, and IT to ensure data classification, retention, and protection requirements are met.
• Track and report metrics on DLP/Insider Risk effectiveness (e.g., number of true vs. false positives, incidents investigated, SLA closure rates).
• Lead the rollout of security awareness initiatives related to data handling and insider risk mitigation.
• Assist in responding to regulatory audits and customer security requests related to data protection and privacy.
• Partner with other business units and cross-functional teams to guide and support the implementation of their data protection and classification plans, ensuring alignment with enterprise standards and regulatory requirements.
• Maintain up-to-date knowledge of data security regulations (e.g., NIST, CCPA, SOX, NERC CIP, ISO 27701) and ensure alignment with industry best practices.
• Recommend and assist with the implementation of new data security and governance tools to strengthen enterprise-wide controls.

Minimum Skills or Experience Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or related field (or equivalent experience).
• 3+ years of experience in information security, data protection, or insider risk management.
• 2+ years of hands-on experience with Microsoft Purview (DLP, Information Protection, Insider Risk Management) or equivalent enterprise platforms.
• Proven knowledge of data governance and compliance frameworks (NIST, ISO 27001, SOX, NERC CIP).
• Strong understanding of data lifecycle management, cloud data security, and insider threat detection.
• Demonstrated ability to analyze and tune DLP policies to reduce false positives and improve incident response efficiency.
• Excellent verbal and written communication skills; ability to translate technical risks into business impact.
• Strong collaboration skills for working across IT, Legal, Compliance, and HR teams.

Key skills/competency

• Data Loss Prevention (DLP)
• Insider Risk Management
• Information Governance
• Microsoft Purview
• Data Security Policies
• Regulatory Compliance
• Risk Assessment
• Cloud Data Security
• Incident Response
• Cross-functional Collaboration