iimjobs
Job Views: 316
Applications: 81
Recruiter Actions: 0

Posted in: IT & Systems

Job Code: 1684524

Random Trees - Guardium Data Analyst

RANDOMTREES PRIVATE LIMITED. | 3 - 6 yrs. | Anywhere in India/Multiple Locations/Remote
Posted 1 week ago

Role Summary:

The Guardium Data Analyst transforms database activity monitoring (DAM) and data protection telemetry into actionable insights that reduce data-exfiltration risk and strengthen compliance. This role builds analytics and dashboards, tunes policies with engineering, and drives measurable improvements in data security posture across databases, data warehouses/lakes, and cloud data stores.

Key Responsibilities:

Data Ingestion & Modeling:

- Ingest, cleanse, and normalize Guardium activity logs, policy events, exceptions, and anomalies; design robust data models for analysis and reporting.

- Correlate Guardium events with CMDB/asset inventory, IAM (users/roles), and business service context to prioritize risk.

Analytics & Detection Tuning:

- Analyze query patterns, access anomalies, exfil indicators (e.g., large result sets, after-hours access), and privileged user behavior; propose policy/rule tuning to reduce false positives.

- Identify gaps in monitoring coverage (unprotected databases, missing agents/gateways) and partner with engineering to close them.

Reporting & Metrics:

- Build operational and executive dashboards (e.g., policy violations, top users/assets at risk, MTTR for investigations, coverage & health of collectors/agents).

- Define and track KPIs/KRIs (policy violation trends, alert fidelity, coverage %, SLA adherence, investigation throughput).

Compliance & Audit Support:

- Produce evidence and reports for control testing (SOX, PCI, HIPAA, GDPR, etc.); maintain lineage and retention of monitoring data.

- Support periodic user access reviews (UAR) and privileged activity attestations using Guardium insights.

Stakeholder Enablement:

- Translate findings into clear narratives and prioritized actions for DBAs, data owners, security operations, and compliance teams.

- Contribute requirements and backlog items for platform improvements (new data sources, policies, automations, dashboards).

Required Qualifications:

Experience:


- 3-6+ years in data security analytics, database activity monitoring, DLP/data protection, or security operations with strong data analysis responsibilities.

Technical Skills:

- Proficiency with SQL for complex querying; strong data transformation skills (e.g., Python or equivalent).

- Hands-on experience with IBM Guardium (DAM, policies, classifiers, reports; Guardium Insights preferred) or equivalent DAM/DLP platforms.

- BI/Visualization expertise (Power BI/Tableau/Looker) with ability to design performant semantic models and measures (e.g., DAX).

- Familiarity with relational and cloud data platforms (e.g., Oracle, SQL Server, PostgreSQL, MySQL, Snowflake, BigQuery, Azure/AWS managed databases).

- Understanding of IAM concepts (privileged access, service accounts, role-based access) and integration with SIEM/UEBA.

Domain Knowledge:

- Knowledge of data protection requirements and controls (e.g., encryption, masking, tokenization, segregation of duties).

- Awareness of regulatory/compliance frameworks impacting data security (SOX, PCI DSS, HIPAA, GDPR/CCPA).

Soft Skills: Strong communication, data storytelling, stakeholder management, and the ability to turn analysis into pragmatic recommendations.

Preferred Qualifications:

- Experience with Guardium policy/rule design, S-TAP agents, collectors, aggregators, and health/coverage monitoring.

- Familiarity with ServiceNow (incident, problem, change, CMDB), ticket routing, and SLA reporting.

- Experience integrating Guardium with SIEM (e.g., Splunk, Microsoft Sentinel) and SOAR for alert enrichment/automation.

- Knowledge of data classification and discovery, sensitive data types (PCI, PHI, PII), and data lineage/metadata practices.

- Exposure to cloud data security controls and DSPM tools (e.g., Cyera, Securiti, BigID, Varonis).

Core Competencies:

- Analytical Rigor: Comfortable with large, noisy telemetry; adept at correlation, trend analysis, and outlier detection.

- Detection Quality Mindset: Focus on improving signal-to-noise ratio via policy tuning and context enrichment.

- Data Governance Orientation: Emphasizes accuracy, completeness, lineage, and consistent definitions/metrics.

- Outcome Driven: Prioritizes actions that reduce risk and meet compliance obligations.

Tooling (Illustrative):

Security/Data: IBM Guardium (DAM, Insights), SQL, Python, Power BI/Tableau, Excel (advanced), Git.

Ecosystem: ServiceNow (CMDB/ITSM), SIEM (Splunk/Sentinel), IAM sources (Entra/AD, PAM), cloud platforms (AWS/Azure/GCP), data platforms (Oracle, SQL Server, Snowflake, BigQuery).

Automation/ETL: ADF/Databricks/dbt or equivalent for scheduled data pipelines and API integrations.
