DLP Specialist-Data Privacy

About Us:

Infosys is a global leader in next-generation digital services and consulting. We enable clients in more than 56 countries to navigate their digital transformation. With over four decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem.

Visit www.infosys.com to see how Infosys (NYSE: INFY) can help your enterprise navigate your next.

• Creating, owning, and implementing a cohesive data transformation strategy across governance and execution streams.
• Designing and deploying enterprise-wide data governance and data management solutions.
• Delivering data products that meet business needs while actively reducing enterprise data risk.

• Implement and enhance DLP controls (Email, Web uploads, SharePoint, OneDrive, Teams, Endpoint) including monitoring and blocking rulesets.
• Roll out initial document classification/labelling and email classification/labelling practices, with corresponding policy-based controls.
• Translate insights from DLP alerts (e.g., false positives, policy collisions, user overrides) to continuously refine posture, thresholds, and user experience (policy tips, justifications).

• Own the operational review of DLP alerts and incidents, ensuring timely triage, escalation, and stakeholder communication.
• Produce metrics and dashboards on policy efficacy, alert volumes, and control coverage; recommend remediation to reduce risk and noise.

• Embed privacy-by-design in DLP and information protection workflows; support PIAs/DPIAs, data classification schemas, retention schedules, and lawful-basis mappings.
• Partner with Legal, Risk, Security, and the Data Office to align controls to the Australian Privacy Act (APPs) and relevant global standards (e.g., GDPR principles where applicable).

• Collaborate with Enterprise IT, Security, Data Office, product owners, and business units to prioritize use cases, manage change, and drive adoption.

• Serve as a hands-on Tech Lead: set patterns and guardrails, mentor engineers/analysts, review designs, and ensure quality, resilience, and scalability of controls.
• Contribute to Agile ceremonies; ensure transparent delivery against milestones and risk management commitments.

• Experience in workplace technology management, ideally within an agile enterprise setting.
• Background in Data Loss Prevention and implementation of DLP controls (highly desirable).
• Hands-on experience with Microsoft Purview or similar DLP platforms (desirable).
• Self-starter with a track record of delivering technology controls and services.

• Operational experience with privacy-by-design, data minimisation, purpose limitation, consent, and transparency.
• Familiarity with the Australian Privacy Act (1988) and APPs, OAIC guidance, and the Notifiable Data Breaches (NDB) scheme; awareness of GDPR principles beneficial.
• Experience supporting PIAs/DPIAs, handling DSARs, designing retention & disposal policies, and applying de-identification/pseudonymisation techniques.

• Hands-on delivery of DLP controls in enterprise environments-preferably with Microsoft Purview (Information Protection & Governance).
• Proficiency with sensitivity labels, auto-labelling, sensitive info types, EDM/classifiers, policy tips, user overrides, and incident workflows.

• Experience implementing controls across M365 workloads (Exchange Online, SharePoint, OneDrive, Teams) and Endpoint DLP.
• Understanding of related capabilities (eDiscovery, Insider Risk, Conditional Access) and integration patterns.

• Proven delivery in agile environments; strong documentation, stakeholder management, and change management skills.
• Analytical mindset for alert tuning, root-cause analysis, and measurable risk reduction.

• Microsoft: SC-400 (Information Protection Administrator), SC-200, SC-100
• Privacy: CIPP/E or CIPP/A, CIPM, CIPT (IAPP)
• Security/Governance: ISO/IEC 27001 Lead Implementer/Auditor, CISM, CISA

• Microsoft Purview (Information Protection, Data Loss Prevention, Records/Retention)
• Data Privacy
• M365 workloads (Exchange Online, SharePoint, OneDrive, Teams), Endpoint DLP
• Incident/case management tools, SIEM dashboards, Jira/Confluence, Power BI for reporting