Information Security Analyst II
Arrowhead Pharmaceuticals · Madison, WI · 2 wk ago
On-siteInformation Technology$85k/yrFull-time
Responsibilities
- Administer and maintain Microsoft Purview sensitivity labels, label policies, and auto-labeling configurations.
- Develop and refine classification taxonomies appropriate to pharmaceutical data types, including research data, regulatory submissions, and patient data.
- Review and tune auto-classification rules to minimize false positives and ensure accurate labeling across Microsoft 365 and connected data sources.
- Build, maintain, and continuously tune DLP policies across Exchange, SharePoint, OneDrive, Teams, and endpoints.
- Investigate DLP policy matches and alerts, differentiate true policy violations from false positives, and work with business stakeholders to refine rules without disrupting legitimate business workflows.
- Document DLP incidents and escalate confirmed violations per the incident response process.
- Support legal hold requests and eDiscovery collections.
- Work with Legal and HR to scope, execute, and export content searches accurately and in accordance with chain-of-custody requirements.
- Administer Purview Insider Risk Management policies, review alerts, and coordinate with HR, Legal, and Security leadership on confirmed or suspected insider risk cases.
- Maintain clear documentation (runbooks, diagrams, standards, exceptions) and contribute to a knowledge base.
- Triage security alerts and escalate as necessary.
Requirements
- Bachelor's degree in Information Security, Information Technology, Computer Science, or a related field, or equivalent practical experience.
- 3+ years of experience in Information Security, IT compliance, or data governance role.
- Demonstrated hands-on experience administering Microsoft Purview or its predecessor Microsoft 365 Compliance Center, including at least two of the following areas: sensitivity labels, DLP, retention policies, eDiscovery, or Insider Risk Management.
- Strong analytical and problem-solving skills with the ability to investigate alerts, interpret audit logs, and distinguish signal from noise.
- Effective written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.
- Preferred Microsoft certifications relevant to security and compliance, such as SC-401.
- Experience with Microsoft Defender for Cloud Apps (MCAS) and its integration with Purview.
- Prior experience in the pharmaceutical, biotech, or life sciences sector.
- Experience supporting eDiscovery or legal hold workflows in collaboration with Legal teams.
- Exposure to SIEM tools, endpoint detection and response (EDR) platforms, or identity and access management systems.
- Comfortable working across functional teams including Legal, Compliance, HR, and IT, and possesses the judgment to handle sensitive data and insider risk information with appropriate discretion.
Qualifications
- Candidates must have current, valid authorization to work in the country where this role is located.
Benefits
- Competitive salaries and an excellent benefit package.
Pay
- Wisconsin pay range: $85,000 USD - $100,000 USD
- California pay range: $95,000 USD - $110,000 USD