Data Security Analyst, Team Lead
Georgia Power Company
IT
Atlanta, GA, USA
Southern Company Cybersecurity
Job Description:
Title: Data Security Analyst, Team Lead
Schedule: M-F (4 days onsite, 1 day remote)
Grade Level: 6 or 7
Location: Atlanta or Birmingham
Position Summary:
Southern Company is seeking a highly capable and operationally focused Lead Data Security Analyst (Team Lead) to support and help scale the enterprise Data Security Program. This role serves as both a hands-on senior analyst and frontline team lead, responsible for executing advanced data security operations while providing day-to-day guidance and oversight for a small team of analysts.
This individual will perform all core Data Security Analyst responsibilities, including DLP/DSPM policy deployment, alert triage, tuning, and encryption validation, while also driving operational consistency, prioritization, quality control, and continuous improvement across the team.
The Lead Data Security Analyst will coordinate closely with Cybersecurity leadership, Incident Response, Legal, Privacy, Compliance, and business stakeholders to ensure effective risk reduction outcomes. Success in this role requires strong technical depth, operational discipline, and the ability to lead through influence, driving high-quality execution while balancing security risk with business productivity.
Job Responsibilities:
Deploy, configure, and maintain DLP and DSPM policies across in‑scope channels (e.g., email, endpoints, SaaS/cloud repositories, etc.) in alignment with program standards and priorities.
Provide day-to-day guidance and task prioritization for a team of analysts to ensure consistent operational coverage.
Review analyst work (alert handling, investigations, tuning changes, documentation) to ensure quality and adherence to standards.
Act as the primary escalation point for analysts and remove blockers to maintain workflow efficiency.
Drive consistent use of runbooks, playbooks, and standard operating procedures.
Coach and mentor other analysts to build technical capability and investigative maturity.
Monitor, review, and triage data security alerts; determine severity and next steps, perform initial investigation, and document findings and actions.
Execute defined response actions (e.g., alert, notify, quarantine, block, restrict sharing, require encryption) and follow established workflows for incident handling and escalation.
Tune and improve DLP rules, detection logic, and policies to reduce false positives, improve signal quality, and minimize business disruption.
Support deployment and ongoing execution of data encryption controls for sensitive data at rest and in transit, in alignment with enterprise encryption standards and data handling requirements.
Coordinate encryption enablement activities with platform teams, data owners, and application teams, including validation, testing, and documentation of implemented controls.
Support data classification and labeling efforts by validating detections, refining patterns/classifiers, and assisting with coverage expansion and quality improvements.
Conduct basic investigations by correlating alert details with relevant logs/telemetry and partnering with the SOC/IR teams when additional investigative depth is needed.
Identify when to engage key stakeholders (e.g., Legal, Privacy, Compliance, HR, business owners) and coordinate escalation pathways based on defined criteria.
Create and maintain operational documentation, including runbooks, response playbooks, encryption validation steps, and standard operating procedures.
Track and report operational metrics such as alert volumes, false positives, time‑to‑resolution, and recurring themes requiring control or policy changes.
Participate in continuous improvement activities, including encryption coverage expansion, policy reviews, rule enhancements, and operational process improvements.
Work effectively within an analyst team by sharing workload, coordinating priorities, maintaining coverage, and supporting a customer‑focused service mindset.
Promote a culture of accountability, collaboration, and operational excellence while supporting the broader Data Security Program’s goals.
Requirements and qualifications:
Minimum
3+ year(s) of experience in cybersecurity operations, data security, security tooling administration, SOC operations, or a related security analyst role.
Hands-on experience with DLP and/or data protection tools, including policy deployment, alert triage, tuning, and response workflows.
Strong understanding of data protection concepts across on‑prem, cloud, SaaS, and endpoint environments.
Demonstrated ability to lead day-to-day operations, prioritize work, and ensure consistent outcomes.
Experience reviewing or mentoring analysts and improving team performance.
Strong communication skills with the ability to coordinate escalations and partner with technical and non‑technical stakeholders.
Ability to balance risk reduction with business impact and customer experience.
Must pass NERC CIP & Insider Threat Protection background checks.
Preferred Qualifications
Experience with Data Security Posture Management (DSPM) tools and workflows (discovery, exposure identification, remediation tracking).
Experience with data classification/labeling programs and improving classifier quality/coverage.
Familiarity with alert triage and escalation processes in partnership with SOC/Incident Response functions.
Experience integrating signals into SIEM/SOAR or working with ticketing/workflow systems for operational tracking.
Familiarity with data handling controls such as encryption, access control, and secure collaboration/sharing restrictions.
Understanding of encryption technologies and enterprise data protection standards.
Certifications (nice to have): Security+, GSEC, SSCP, MSFT SC‑200/SC‑401, or other security operations / data protection credentials.
Experience supporting or securing critical infrastructure environments.
This position falls under the company’s Insider Threat Program and will have access to, and control over, sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position.
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 19465
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services
