Developing and implementing security solutions to enhance efficiency and competitiveness is a key aspect of our company's strategy at Carl Zeiss Group. By working closely with various business units, we ensure that technological advancements and digital transformations are seamlessly integrated into business processes.
Your Role
* Develop and maintain a solution-agnostic, high-level data loss prevention framework that defines clear implementation guardrails and compliance criteria.
* Define and document standardized rules and decision trees for consistent handling of DLP exceptions.
* Monitor DLP alerts via the Security Information and Event Management dashboard, perform initial triage, and support risk-based prioritization.
* Analyze DLP incidents to assess severity and drive resolution or escalation in line with established workflows.
* Document and manage DLP-related incidents, ensuring alignment with the data loss prevention playbook.
* Review trends in DLP alerts and exceptions to identify systemic issues and propose process improvements.
* Collaborate with Security Operations Center, IT teams, and data owners to enhance detection logic, reduce false positives, and increase DLP coverage.
* Prepare and deliver regular and ad-hoc reports on DLP activities, exceptions, and long-term developments.
About This Job
* You will be responsible for shaping and operationalizing our data loss prevention framework to protect sensitive information and ensure compliance with internal policies and regulatory requirements.
* Your role focuses on monitoring, analyzing, and optimizing DLP processes and controls, while collaborating with cross-functional stakeholders such as the Security Operations Center, IT, Legal, and Data Governance.
Your Profile
* Degree in Information Security, Computer Science, or a related technical field.
* At least 3 years of experience in data loss prevention, information security monitoring, or cybersecurity operations.
* Experience with DLP platforms (e.g., Microsoft Purview), SIEM tools, and alert triage processes.
* Familiarity with data protection regulations (e.g., GDPR, NIS2) and internal compliance requirements.
* Strong understanding of data classification, sensitive data types, and protection mechanisms.
* Ability to analyze structured and unstructured alert data and identify anomalies or compliance gaps.
* Experience in documenting exception handling processes and building security decision trees.
* Excellent communication skills and ability to present findings to technical and non-technical audiences.