Solo NetworkRemote
Data and Information Security Analyst
Brasil
Full Time
3 weeks ago
No Visa Sponsorship
Key skills
OKRs
About this role
Role Overview
- Work with Microsoft Information Protection, Microsoft Purview and Data Loss Prevention (DLP) to identify, classify and protect sensitive data across data estates, devices, e-mail, SharePoint, Teams, OneDrive, etc.;
- Configure DLP policies based on financial, contractual and regulatory information (LGPD, SOX, PCI-DSS);
- Continuously improve DLP policies based on events, false positives and exception cases;
- Monitor DLP alerts, perform analyses and collaborate with incident response teams;
- Support investigations led by other teams by providing technical inputs and context about DLP policies, classification rules and potential leakage vectors;
- Collaborate with offensive and defensive security teams to ensure prevention use cases are integrated with detection and response mechanisms;
- Support the development and maintenance of the Data Governance program aligned with frameworks such as DAMA-DMBOK;
- Work together with Data Stewards — professionals designated within business areas who act as focal points to ensure data quality, proper use, security and correct classification;
- Conduct mapping, categorization and classification of critical/sensitive data, aligning with the owners of each data domain (e.g., finance, legal, HR);
- Implement and maintain taxonomies, glossaries and information labeling using Purview and MIP;
- Ensure data is classified according to its value, criticality and sensitivity;
- Promote formal classification and continuous updates as inputs for policies, audits and technical controls;
- Define and maintain OKRs and maturity indicators related to the technical activities of data governance and leakage prevention, ensuring alignment with the area’s strategic objectives;
- Assess the evolution of processes and controls based on maturity levels (e.g., NIST, ISO 27001, DAMA), proposing continuous improvements and prioritizing initiatives based on risk;
- Participate in the development and tracking of information security and data protection maturity roadmaps, focusing on technical evolution and governance;
- Lead periodic maturity reviews and propose strategic continuous improvement initiatives;
- Demonstrate results through dashboards, executive reports and technical evidence;
- Develop, review and maintain Information Classification, Acceptable Use, Retention and Data Security policies;
- Ensure compliance with regulations and standards such as LGPD, GDPR, SOX, HIPAA, PCI-DSS, ISO 27001:2022 and NIST;
- Support internal/external audits with evidence of compliance in DLP, classification and governance;
- Conduct training, workshops and awareness campaigns on secure use and information classification;
- Architect and support the implementation of technical and procedural governance and data protection controls;
- Participate in sensitive data mapping projects and recommend strengthening preventive controls;
- Integrate and enhance monitoring in SIEMs (e.g., Microsoft Sentinel), creating rules, use cases and effectiveness reports;
- Propose and implement continuous improvement cycles based on incidents, recurring events and coverage gaps.
Requirements
- Degree in Computer Science, Computer Engineering, Information Systems or related fields;
- Mandatory certifications: SC-900, SC-400
- Preferred certifications: SC-200, SC-100, DP-500