Information Security Engineer - Data Protection & Insider Risk

OVERVIEW

We are seeking an experienced dynamic Information Security Engineer with expertise in data leakage prevention (DLP) insider risk management and identity and access governance (IAG). This role is responsible for protecting sensitive data across endpoints cloud services and SaaS platforms by designing implementing and operating security controls that identify classify monitor and govern access to enterprise data.

This position also plays a hands-on role in securing Microsoft Copilot for M365 and other emerging AI-enabled tools focusing on technical controls data protection enforcement and security logging. The ideal candidate has experience managing data classification and labeling programs insider risk detection identity governance platforms and modern security tooling and is comfortable working across IT security and compliance functions to enable the business securely.

RESPONSIBILITIES

Data Protection & Leakage Prevention

• Designs implements and operates Data Loss/Leakage Prevention (DLP) controls across endpoints email cloud services and SaaS platforms;
• Leads and maintains data identification classification and labeling strategies for structured and unstructured data;
• Monitors investigates and responds to data exfiltration and misuse events including both accidental and malicious activity;
• Tunes detection policies to reduce false positives while maintaining effective risk coverage.

Insider Risk Management

• Operates and enhances insider risk detection and response programs including behavioral analytics and user activity monitoring;
• Partners with IT/IS management on insider risk investigations ensuring appropriate governance and privacy controls;
• Develops workflows for escalation evidence handling and remediation of insider risk incidents.

Identity & Access Governance

• Manages and optimizes identity and access governance (IAG) platforms including access reviews entitlement management and lifecycle automation;
• Supports least-privilege access models role-based access control (RBAC) and segregation of duties (SoD) initiatives;
• Integrates identity signals with data protection and insider risk tooling to enable contextual risk-based controls.

Security Tooling & Operations

• Serves as a subject matter expert for security platforms related to DLP insider risk data classification and identity governance;
• Evaluates onboards and operationalizes new security tools and features;
• Creates and maintains runbooks procedures dashboards and metrics to demonstrate program effectiveness.

Governance Risk and Collaboration

• Supports regulatory and compliance requirements related to data protection and access control (e.g. SOX HIPAA GDPR CCPA etc. as applicable);
• Provides guidance to IT and business teams on secure data handling and access practices;
• Contributes to security awareness efforts related to data handling insider risk and acceptable use.

AI & Generative AI Security (Technical Controls & Monitoring)

• Implements and operates security controls for Microsoft Copilot for M365 using Purview Defender and Entra ID to enforce access boundaries and reduce data exposure;
• Configures DLP sensitivity labels permissions logging and alerting to ensure AI-assisted access aligns with data classification and authorization models;
• Investigates and responds to data exposure or misuse involving Copilot or other AI-enabled workflows and support secure onboarding of additional AI/LLM tools; and
• Performs additional duties as assigned.

QUALIFICATIONS

REQUIRED CANDIDATE QUALIFICATIONS:

• 5+ years of experience in information security with direct focus on data protection insider risk or identity governance;
• Hands-on experience with one or more DLP and data classification platforms (e.g. Microsoft Purview Symantec Forcepoint Netskope etc.);
• Experience managing identity and access governance solutions (e.g. Microsoft Entra ID Governance SailPoint Saviynt Okta IGA);
• Strong understanding of data classification schemes sensitive data types and data handling controls;
• Experience investigating security alerts and incidents involving user behavior and data misuse;
• Familiarity with endpoint cloud and SaaS security architectures;
• Strong documentation communication and cross-functional collaboration skills; and
• Ability to work additional hours as needed.
   

PREFERRED / NICE-TO-HAVE QUALIFICATIONS:

• Experience with Microsoft security ecosystem (Purview Defender for Endpoint Defender for Cloud Apps Entra ID Sentinel);
• Experience with User and Entity Behavior Analytics (UEBA) or insider risk platforms;
• Knowledge of privacy-by-design principles and employee monitoring considerations;
• Scripting or automation experience (PowerShell Python KQL etc.);
• Security certifications such as CISSP CISM CCSP GIAC or vendor-specific certifications;
• Bachelor’s degree in Information Security Computer Science Information Technology or a related technical field.
   

This position is located in our New York office and currently has a hybrid work schedule but that is subject to change. The estimated salary range for this position is $160000 to $180000. The actual salary offered will be based on a wide range of factors including relevant skills training experience education and where applicable licensure or certification obtained. Market and Firm factors are also considered. In addition to base salary and discretionary bonus(es) we offer a generous employee benefits package including but not limited to paid time off medical dental vision care 401(k) and substantial health club discounts.

What We Do

Cravath has been known as one of the premier U.S. law firms for two centuries. Each of our practice areas is highly regarded and our lawyers are recognized around the world for their commitment to the representation of our clients'​ interests. Our primary areas of practice include: corporate litigation tax executive compensation and benefits and trusts and estates.