IT Operations Specialist I - 3RD Party Risk Review, DLP

At Fluor, we are proud to design and build projects and careers. We are committed to fostering a welcoming and collaborative work environment that encourages big‑picture thinking, brings out the best in our employees, and helps us develop innovative solutions that contribute to building a better world together. If this sounds like a culture you would like to work in, you’re invited to apply for this role. Fluor is a leading government contractor with a proven track record of delivering high‑value technical solutions around the world to U.S. government agencies such as the DOE, NNSA, the Department of Defense and the Intelligence Community.

The IT Security Operations Analyst is responsible for conducting comprehensive application risk assessments, with a particular focus on third‑party risk analysis. This involves evaluating the security posture of external vendors, partners, and their applications to ensure they meet organizational standards and regulatory requirements. The analyst reviews contracts, Statements of Work (SOW), and Data Processing Agreements (DPAs) to identify potential risks associated with third‑party access or data handling and works closely with internal stakeholders to implement mitigation strategies. Additionally, the role manages Data Loss Prevention (DLP) activities using Microsoft Purview, which includes monitoring for unauthorized data transfers, configuring DLP policies to protect sensitive information, and responding to incidents where data security may be compromised. Through these efforts, the analyst helps maintain robust security controls and minimizes the risk of data breaches originating from both internal and external sources. This position will collaborate with internal IT teams, internal customers, and outside vendors.

Responsibilities

• Conduct thorough risk assessments of new and existing applications, identifying potential vulnerabilities and security gaps.
• Analyze and interpret security assessment findings, and provide actionable recommendations to mitigate identified risks.
• Collaborate with software development teams to implement security best practices and ensure secure coding standards are followed.
• Stay up‑to‑date with the latest threats, vulnerabilities, industry trends, and integrate this knowledge into the risk assessment process.
• Participate in security reviews to evaluate and validate the effectiveness of security controls.
• Provide technical expertise and guidance to support incident response efforts related to application security incidents.
• Review and validate contracts, Statements of Work (SOW), and Data Processing Agreements (DPAs).
• Develop and maintain DLP policy standards, reusable templates, naming conventions, and engineering runbooks.
• Partner with Legal, Privacy, HR, Compliance, and Security teams to translate requirements into actionable DLP controls, evidence collection, and defensible audit artifacts.

Basic Job Requirements

• Accredited four (4) year degree or global equivalent in applicable field of study and five (5) years of work‑related experience or a combination of education and directly related experience equal to nine (9) years if non‑degreed; some locations may have additional or different qualifications in order to comply with local requirements.
• Ability to communicate effectively with audiences that include but are not limited to management, coworkers, clients, vendors, contractors, and visitors.
• Job related technical knowledge necessary to complete the job.
• Ability to learn and apply knowledge of applicable local, state/province, and federal/national statutes and guidelines.
• Ability to attend to detail and work in a time‑conscious and time‑effective manner.

Preferred Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Relevant industry certifications such as CISSP, CISM, or similar.
• Proven experience (5 years) as an IT Security Analyst or similar role, with a focus on application security, Azure Active Directory, conditional access policies, and single sign‑on (SSO) configurations.
• Ability to effectively adapt to rapidly changing technology and apply it to business needs.
• Demonstrated strong technical and non‑technical communication skills, both oral and written.
• Strong team‑oriented interpersonal skills.
• Strong understanding of software development processes and the ability to identify security issues in code and design.
• Familiarity with OWASP Top Ten vulnerabilities and ability to assess and mitigate associated risks.
• Proficiency in scripting or programming languages (e.g., Python, JavaScript, Java) is a plus.
• Excellent communication skills to convey complex technical concepts to non‑technical stakeholders.
• Strong problem‑solving skills.
• Strong organizational skills and attention to detail, especially concerning note taking when evaluating applications and attending meetings.
• Organize and prioritize a variety of projects and multiple tasks in an effective and timely manner, set priorities, and meet deadlines.

We are an equal opportunity employer. All qualified individuals will receive consideration for employment without regard to race, color, age, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, genetic information, or any other criteria protected by governing law.

Benefits Statement

Fluor is proud to offer a comprehensive benefits package designed to promote employee health, wellness, and financial security. Our offerings include medical, dental and vision plans, EAP, disability coverage, life insurance, AD however, variations in final salary are determined by additional factors such as the candidate’s qualifications, relevant years of experience, geographic location, internal pay equity, and prevailing market conditions for the specific role.

Notice to Candidates

Background checks are carried out as part of any conditional offer made.