IT Operations Specialist I - 3RD Party Risk Review, DLP

Job Description

The IT Security Operations Analyst is responsible for conducting comprehensive application risk assessments, with a particular focus on third-party risk analysis. This involves evaluating the security posture of external vendors, partners, and their applications to ensure they meet organizational standards and regulatory requirements. The analyst reviews contracts, Statements of Work (SOW), and Data Processing Agreements (DPAs) to identify potential risks associated with third-party access or data handling and works closely with internal stakeholders to implement mitigation strategies. Additionally, the role manages Data Loss Prevention (DLP) activities using Microsoft Purview, which includes monitoring for unauthorized data transfers, configuring DLP policies to protect sensitive information, and responding to incidents where data security may be compromised. Through these efforts, the analyst helps maintain robust security controls and minimizes the risk of data breaches originating from both internal and external sources.

 This position will collaborate with internal IT teams, internal customers, and outside vendors.

Responsibilities:

• Conduct thorough risk assessments of new and existing applications, identifying potential vulnerabilities and security gaps
• Analyze and interpret security assessment findings, and provide actionable recommendations to mitigate identified risks
• Collaborate with software development teams to implement security best practices and ensure secure coding standards are followed
• Stay up-to-date with the latest threats, vulnerabilities, industry trends, and integrate this knowledge into the risk assessment process
• Participate in security reviews to evaluate and validate the effectiveness of security controls
• Provide technical expertise and guidance to support incident response efforts related to application security incidents
• Review and validate contracts, Statements of Work (SOW), and Data Processing Agreements (DPAs)
• Develop and maintain DLP policy standards, reusable templates, naming conventions, and engineering runbooks
• Partner with Legal, Privacy, HR, Compliance, and Security teams to translate requirements into actionable DLP controls, evidence collection, and defensible audit artifacts.
• Other duties as assigned

Basic Job Requirements

• Accredited four (4) year degree or global equivalent in applicable field of study and five (5) years of work-related experience or a combination of education and directly related experience equal to nine (9) years if non-degreed; some locations may have additional or different qualifications in order to comply with local requirements
• Ability to communicate effectively with audiences that include but are not limited to management, coworkers, clients, vendors, contractors, and visitors
• Job related technical knowledge necessary to complete the job
• Ability to learn and apply knowledge of applicable local, state/province, and federal/national statutes and guidelines
• Ability to attend to detail and work in a time-conscious and time-effective manner

Preferred Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Relevant industry certifications such as CISSP, CISM, or similar
• Proven experience (5 years) as an IT Security Analyst or similar role, with a focus on application security, Azure Active Directory, conditional access policies, and single sign-on (SSO) configurations
• Ability to effectively adapt to rapidly changing technology and apply it to business needs
• Demonstrated strong technical and non-technical communication skills, both oral and written
• Strong team-oriented interpersonal skills
• Strong understanding of software development processes and the ability to identify security issues in code and design
• Familiarity with OWASP Top Ten vulnerabilities and ability to assess and mitigate associated risks
• Proficiency in scripting or programming languages (e.g., Python, JavaScript, Java) is a plus
• Excellent communication skills to convey complex technical concepts to non-technical stakeholders
• Strong problem-solving skills
• Strong organizational skills and attention to detail, especially concerning note taking when evaluating applications and attending meetings
• Organize and prioritize a variety of projects and multiple tasks in an effective and timely manner, set priorities, and meet deadlines