DLP Specialist-Data Privacy

About Us:

Infosys is a global leader in next-generation digital services and consulting. We enable clients in more than 56 countries to navigate their digital transformation. With over four decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem.

Visit to see how Infosys (NYSE: INFY) can help your enterprise navigate your next.

Salary Range: AUD Annual Gross

Please Note:- The above salary range is only indicative and maybe subject to suitable enhancements, based on internal company processes

Short Description: This role operates within a fast-paced agile environment in Data Strategy & Transformation Tribe, working at the frontier of data innovation. The Data & ID Transformation Tribe enables next-generation data management capabilities across the full data lifecycle. The Tribe's responsibilities include:

• Creating, owning, and implementing a cohesive data transformation strategy across governance and execution streams.
• Designing and deploying enterprise-wide data governance and data management solutions.
• Delivering data products that meet business needs while actively reducing enterprise data risk.

As a DLP Specialist / Tech Lead, you will design, implement, and optimize Data Loss Prevention (DLP) controls—primarily on Microsoft Purview—and champion privacy-by-design practices across the enterprise.

Location :SYDNEY

Roles and Responsibilities:

DLP Implementation & Tuning

• Implement and enhance DLP controls (Email, Web uploads, SharePoint, OneDrive, Teams, Endpoint) including monitoring and blocking rulesets.
• Roll out initial document classification/labelling and email classification/labelling practices, with corresponding policy-based controls.
• Translate insights from DLP alerts (e.g., false positives, policy collisions, user overrides) to continuously refine posture, thresholds, and user experience (policy tips, justifications).

Operations, Monitoring & Reporting

• Own the operational review of DLP alerts and incidents, ensuring timely triage, escalation, and stakeholder communication.
• Produce metrics and dashboards on policy efficacy, alert volumes, and control coverage; recommend remediation to reduce risk and noise.

Data Privacy & Governance

• Embed privacy-by-design in DLP and information protection workflows; support PIAs/DPIAs, data classification schemas, retention schedules, and lawful-basis mappings.
• Partner with Legal, Risk, Security, and the Data Office to align controls to the Australian Privacy Act (APPs) and relevant global standards (e.g., GDPR principles where applicable).

Stakeholder Engagement & Enablement

• Collaborate with Enterprise IT, Security, Data Office, product owners, and business units to prioritize use cases, manage change, and drive adoption.

Conduct enablement sessions and create artefacts (runbooks, SOPs, user guides) to improve compliance and usability.

Technical Leadership

• Serve as a hands-on Tech Lead: set patterns and guardrails, mentor engineers/analysts, review designs, and ensure quality, resilience, and scalability of controls.
• Contribute to Agile ceremonies; ensure transparent delivery against milestones and risk management commitments.

Skill / Competencies / Experience:

ESSENTIAL

Qualifications:

• Experience in workplace technology management, ideally within an agile enterprise setting.
• Background in Data Loss Prevention and implementation of DLP controls (highly desirable).
• Hands-on experience with Microsoft Purview or similar DLP platforms (desirable).
• Self-starter with a track record of delivering technology controls and services.

Data Privacy (Must‑Have)

• Operational experience with privacy-by-design, data minimisation, purpose limitation, consent, and transparency.
• Familiarity with the Australian Privacy Act and APPs, OAIC guidance, and the Notifiable Data Breaches (NDB) scheme; awareness of GDPR principles beneficial.
• Experience supporting PIAs/DPIAs, handling DSARs, designing retention & disposal policies, and applying de-identification/pseudonymisation techniques.

Data Loss Prevention

• Hands-on delivery of DLP controls in enterprise environments—preferably with Microsoft Purview (Information Protection & Governance).
• Proficiency with sensitivity labels, auto-labelling, sensitive info types, EDM/classifiers, policy tips, user overrides, and incident workflows.

Workplace Technology & Collaboration

• Experience implementing controls across M365 workloads (Exchange Online, SharePoint, OneDrive, Teams) and Endpoint DLP.
• Understanding of related capabilities (eDiscovery, Insider Risk, Conditional Access) and integration patterns.

Delivery & Ways of Working

• Proven delivery in agile environments; strong documentation, stakeholder management, and change management skills.
• Analytical mindset for alert tuning, root-cause analysis, and measurable risk reduction.

PREFERRED

• Microsoft: SC-400 (Information Protection Administrator), SC-200, SC-100
• Privacy: CIPP/E or CIPP/A, CIPM, CIPT (IAPP)
• Security/Governance: ISO/IEC 27001 Lead Implementer/Auditor, CISM, CISA

ADDITIONAL

• Microsoft Purview (Information Protection, Data Loss Prevention, Records/Retention)
• Data Privacy
• M365 workloads (Exchange Online, SharePoint, OneDrive, Teams), Endpoint DLP
• Incident/case management tools, SIEM dashboards, Jira/Confluence, Power BI for reporting

At Infosys, we recognize that everyone has individual requirements. If you are a person with disability, illness, or injury and require adjustments to the recruitment and selection process, please contact our Recruitment team for adjustment either via the following email or call Alternatively, you can include your preferred method of communication in email, and someone will be in touch.

Please note in order to protect the interest of all parties involved in the recruitment process, Infosys does not accept any unsolicited resumes from third-party vendors. In the absence of a signed agreement, any submission will be deemed as non-binding and Infosys explicitly reserves the right to pursue and hire the submitted profile. All recruitment activity must be coordinated through the Talent Acquisition department.

"All aspects of employment at Infosys are based on merit, competence and performance. We are committed to embracing diversity and creating an inclusive environment for all employees. Infosys is proud to be an equal opportunity employer."

Infosys ANZ: Check out why you should join Infosys