.WTW is an award-winning advisory, broking and solutions company that helps clients around the world turn risk into a path for growth.From the Titanic ship in 1912 to The Moon Buggy in 1971, WTW has a richness in insurance history dating back to 1828.Our WTW Regional Delivery Hub based in the heart of Lisbon encompasses a +175 strong global team who deliver operational excellence through innovation and streamlined solutions every single day.The RoleWe are seeking passionate people to grow the Cyber Security team within WTW and provide an excellent service and trusted expertise to all parts of our business. We have an exciting opening for a skilled and experienced L2 Insider Threat Analyst.As part of the Cyber Defence department, this role will investigate Insider Threat and Data Loss Prevention (DLP) cases that have been escalated by our L1 Insider Threat team. Reporting to the Global Head of Insider Threat, the L2 Insider Threat Analyst role is suited to someone who has strong Microsoft Purview DLP and Insider Risk Management (IRM) analyst experience. It is a business facing role and requires working proactively with stakeholders and colleagues to investigate Insider Threat and DLP cases.Primary ResponsibilitiesPerform advanced analysis and investigation of Insider Threat and DLP alerts across the various egress channels in both on-premise and cloud environments.Analyse event/alert patterns to properly interpret and prioritise threats with available DLP and IRM tools and other data protection devices.Help identify trends and drive requirements aimed at improving and enhancing existing DLP and IRM detection policies.Work closely with Cyber Defence teams such as the Global Security Operations Centre, as well as Legal, Privacy and HR teams if necessary, during investigations and incidents.Prepare detailed reports on security incidents, investigations, and mitigation efforts.Contribute to the fine-tuning of rules across the detection tools by highlighting pain points to the Global Head of Insider Threat and Insider Threat Engineering Manager.Contribute to the development, improvement and review of operational documents.Secondary ResponsibilitiesOther relevant tasks as designated by the Global Head of Insider Threat.Help coach and mentor L1 Insider Threat Analysts.Provide support to projects and initiatives that enhance Insider Risk and data protection policies and standards.QualificationsThe RequirementsIt is essential that you have in-depth experience within a Senior DLP or Insider Threat Analyst role in a global enterprise organisation.Relevant Microsoft Qualifications for Purview DLP, Defender and IRM.Excellent operational knowledge of Purview DLP, Defender and IRM.Excellent analytical and investigative skills to identify complex security issues and respond at the same level with a technical understanding of when to escalate impacting security events.Ability to identify trends and patterns in data usage behaviour