Role description
Data Protection Analyst June 1, 2026 Position Summary The data protection analyst is a practitioner responsible for securing and monitoring all data accessed, transmitted and stored throughout the business and third parties. The data protection analyst is involved throughout the entire data lifecycle, from inception through disposal, ensuring access to data is managed and maintained following rigorous security, engineering and governance principles. The analyst works closely with business units and stakeholders to help with data access, ownership and enforcement of policies, rules and safeguards. The analyst works closely with IT team members, cybersecurity operations/responders and third parties, and must be technically proficient with data protection technologies, including data loss prevention (DLP), data classification, privacy, behavior analytics, encryption and GRC. The analyst must collaborate with technical and non-technical teams to design, implement and manage data protection processes that reduce risks from insider threats and data breaches. The role is expected to be knowledgeable about data storage and identity and access management, and adept at understanding security architecture with internal and hosted services. Continual assessment and validation of controls is required to ensure protection aligns with policies, procedures and risk oversight. Analysts support senior management to help maintain a safe and secure enterprise technical operation. Additionally, analysts work closely with incident response and security operations center (SOC) personnel when events and suspected incidents surface. Essential Job Duties
- Utilize the Varonis Data Security Platform to monitor sensitive data, user activity, permissions, and data security risks across on-premises and cloud data repositories.
- Assist with the discovery and classification of sensitive data using Varonis Data Classification Engine, helping identify regulated and business-critical information such as PII, financial data, and intellectual property.
- Review and analyze Varonis-generated s, risk assessments, and access reports to identify excessive permissions, data exposure risks, unusual user activity, and potential insider threats.
- Support data access governance activities by performing entitlement reviews, validating access requests, and assisting with remediation efforts to reduce excessive or inappropriate access.
- Monitor data security posture metrics and assist in tracking remediation activities related to overexposed data, stale data, orphaned accounts, and permission risks.
- Investigate data security incidents and suspicious data access events, escalating findings to senior security personnel and incident response teams as appropriate.
- Assist with the administration and maintenance of Varonis policies, s, reports, dashboards, and workflows to support data protection objectives.
- Support data governance initiatives by helping maintain documentation, standards, procedures, and audit evidence related to data protection controls.
- Generate regular reports and metrics on data security posture, risk trends, access governance activities, and compliance-related initiatives.
- Collaborate with business stakeholders, data owners, IT teams, and security personnel to improve data protection practices and reduce organizational risk.
- Participate in continuous improvement efforts focused on data security, access governance, automation, and operational efficiency. Skills and Experience
- 1-3 years of experience in information security, cybersecurity operations, identity and access management, or data governance.
- Familiarity with the Varonis Data Security Platform or similar data security and data governance technologies.
- Basic understanding of data classification, data protection, DSPM, access governance, insider risk, and least-privilege access principles.
- Working knowledge of Microsoft 365, SharePoint Online, OneDrive, Teams, Windows file systems, and Active Directory/Entra ID environments.
- Ability to analyze user access, permissions, security events, and system-generated s to identify potential security risks.
- Experience working with security reporting, dashboards, metrics, and documentation.
- Strong analytical and investigative skills with attention to detail and the ability to identify patterns, anomalies, and risk indicators.
- Understanding of security and compliance concepts related to sensitive data protection and privacy requirements.
- Ability to communicate technical findings clearly to both technical and non-technical audiences.
- Proficiency with Microsoft Excel, reporting tools, and general data analysis techniques. Education Requirements Bachelor's degree preferred in information assurance, computer science, engineering or related technical field. Experience Requirements 3-5+ years of cybersecurity or information technology practitioner experience. 2+ years of related security systems administration with data protection management solutions and preferably some experience with endpoint, network or application security solutions. Certification Requirements One or more of CISSP, CIPP, CISA CRISC, CDPSE and GSEC is preferable, but not required
Skills
data security,data protection,varonis,data access governance,data loss prevention,
About UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.
