L2 Insider Threat Engineer - IRM

This role would suit those with a background in troubleshooting, administering and implementing IRM technologies, and with technical experience of the Microsoft Security stack with a focus on Purview DLP, IRM and Defender.
As the L2 Insider Threat Engineer (IRM), the primary responsibilities will be:
•    Responsible for implementing, maintaining, and troubleshooting the IRM technologies, policies and rules used in WTW.
•    Work closely with the L3 Insider Threat Engineering Lead (IRM) to develop, implement, and refine rules and policies to help prevent data loss and protect sensitive information across the organisation.
•    Ensure that IRM policies are fine-tuned and matured to reduce the number of false positives.
•    Collaborate with cross-functional teams, including IT, Cyber Security, HR, legal, and compliance, to define data protection and insider risk requirements, policies and standards.
•    Act as an escalation point for the L1 Insider Threat Engineers.
•    Contribute to regular assessments of the Insider Threat Engineering function to identify areas for continuous improvement.
•    Contribute to regular reports and updates to management on the performance and effectiveness of the IRM technologies.
•    Identify trends and requirements aimed at improving and enhancing existing IRM policies, and report this upward through the security management chain.
•    Provide guidance, coaching and support to L1 Insider Threat Engineers.
•    Stay current with emerging IRM technologies in the cyber security landscape.
Secondary responsibilities
•    Be an integral part of projects that enhance insider threat and data protection policies and standards.
•    Other relevant tasks as designated by the Global Head of Insider Threat and L3 Insider Threat Engineering Leads.
Qualifications
What you will need:
•    It is essential that you have experience implementing, troubleshooting and administering Insider Threat and DLP technologies in a global enterprise organisation.
•    A solid engineering knowledge of the Microsoft Security stack, in particular Purview DLP, IRM and Defender.
•    Relevant Microsoft qualifications in Purview DLP, IRM and Defender.
•    Understanding of data protection laws, regulations, and compliance requirements (e.g., GDPR, CCPA, HIPAA).
•    Strong analytical problem-solving skills.
•    Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
•    Must be self-motivated and capable of independent work.

Beneficial:
•    Previous experience of deploying the Microsoft Insider Risk Management module within a global enterprise organisation.
•    Hands-on experience with KQL and PowerShell.
•    Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Privacy Professional (CIPP)

-