Washington DC

Data Loss Prevention Specialist

CM Legal

Data Loss Prevention Specialist
Summary: The Data Loss Prevention (DLP) Specialist is responsible for ensuring that the Firm designs and implements appropriate controls to protect sensitive and mission critical data at rest and in transit. The Specialist operates a focused, thematic risk and control program that sets expectations for all data security topics, including email security, data loss and leak prevention, labeling and classification, and data lifecycle management. This is a highly technical role with requires hands-on, collaborative work with stakeholders and IT implementers.

  • Bachelor's degree in Computer Science or Engineering preferred; advanced degree and CISSP certification preferred.
  • Requires 10+ years' experience in cybersecurity, with 3+ years’ experience executing security advisory or oversight programs.
  • Minimum 5 years of recent operational support experience with Security Email Gateways (SEG), Data Loss Preventions (DLP) tools.
  • Expert knowledge in M365 Security & Compliance and Microsoft Purview, Data Loss Prevention (DLP), Data Audit, Compliance Management or comparabledata governance, management, and security product.
  • Exceptional interpersonal skills; success in the role requires the ability to influence and persuade.
  • Effective written and oral communications skills.

Duties and Responsibilities:

  • Define, document, and manage the data risk oversight programs, including charters, roadmaps, plans, and milestones for risk assessments and control implementations.
  • Drive the operational support and maintenance of the M365 Data Security & Compliance including Information Governance & Protection, Insider Risk eDiscovery, Microsoft Cloud App Security (MCAS), Data Loss Prevention, and Audit and Data Lifecycle Management.
  • Implements a data protection strategy to ensure PII, PHI, and all sensitive data is adequately secured at rest and in transit.
  • Assess and implement data loss prevention (DLP) policies to meet compliance requirements.
  • Conduct Risk Assessments against email security configurations and practices; provide guidance to continuously improve data security.
  • Participate in Insider Threat investigations and other security/compliance related operations, problems, and incidents.
  • Drive organizational change through proactive risk identification, measurement, analysis, and reporting to improve data security posture.
  • Engage, liaise, and guide Business and Technology teams on data security risks of new platforms, applications, and tools.
  • Max. file size: 300 MB.

Every connection begins with a conversation. Begin the legal recruitment process now.