Data Governance (Privacy & Security) Expert

Overview

Data Privacy & Regulatory Compliance

• Ensure ongoing compliance with organizational policies, legal requirements, regulatory standards, contractual obligations, and privacy frameworks.
• Monitor and assess compliance with applicable data protection, cybersecurity, and privacy laws and regulations.
• Evaluate existing privacy and data protection frameworks to identify gaps, weaknesses, and remediation requirements.
• Conduct privacy impact assessments and data protection risk assessments for projects, systems, and operational activities.
• Identify critical privacy and compliance risks and recommend corrective and preventive actions.
• Support internal and external audits related to privacy, governance, and information security compliance.
• Develop remediation plans and monitor implementation progress for identified compliance issues.

Information Security & Data Protection

• Develop, implement, and maintain enterprise data security policies, standards, and procedures.
• Implement and enforce information security controls to protect Protected Health Information (PHI), Personally Identifiable Information (PII), and sensitive organizational data.
• Ensure integration of privacy and security requirements into business operations, systems, and organizational strategies.
• Support identity and access management initiatives and secure data handling practices.
• Collaborate with operational and technical teams to optimize security controls and data protection technologies.
• Support data classification, encryption, retention, and secure data disposal initiatives.
• Monitor compliance with security controls and recommend improvements to strengthen organizational security posture.

Data Governance & Data Management

• Establish and maintain enterprise data governance frameworks, standards, policies, and procedures.
• Define and manage data standards, metadata structures, data definitions, and data entry and retrieval rules.
• Support enterprise-wide data discovery, data mapping, and data classification activities.
• Review organizational data usage practices to ensure compliance with governance and privacy requirements.
• Collaborate with stakeholders to maintain data quality, consistency, integrity, and accuracy across systems.
• Develop standards and acceptable methods for reporting, presenting, and sharing organizational data.
• Support the implementation and administration of unified data governance platforms and tools.

Data Analysis, Reporting & Quality Oversight

• Analyze organizational data trends and reporting patterns to identify improvement opportunities.
• Prepare governance, compliance, privacy, and risk management reports for stakeholders and leadership.
• Identify gaps in datasets and recommend additional data collection or governance measures.
• Work with business managers and technical teams to maintain long-term data quality and governance controls.
• Support large-scale data analysis initiatives while ensuring proper governance and data protection measures.

Stakeholder Collaboration & Advisory

• Collaborate with business, legal, compliance, operational, and technical teams on governance and privacy initiatives.
• Provide expert guidance and advisory support on data governance, privacy, and security matters.
• Review projects, systems, and business initiatives to ensure compliance with data protection requirements.
• Support vendor assessments and third-party privacy and security reviews.
• Coordinate with stakeholders to implement privacy-by-design and security-by-design principles.

Training, Awareness & Culture

• Promote a culture of data protection, governance, and compliance across the organization.
• Develop and deliver privacy, governance, and security awareness initiatives and training programs.
• Educate employees and stakeholders on data protection obligations, governance standards, and compliance best practices.
• Support ongoing awareness initiatives related to privacy, cybersecurity, and secure data handling.
• Perform related duties and special projects as assigned.
• Support continuous improvement initiatives related to governance, compliance, and enterprise security practices.

Experience & Qualifications

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Management, Information Technology, or a related field.
• Additional professional education, certifications, or specialized training in privacy, governance, cybersecurity, or compliance is preferred.
• Minimum 15 years of experience in data privacy, data protection, information security, governance and compliance, cybersecurity frameworks, and regulatory compliance.
• Experience working within highly regulated environments, preferably healthcare or other sensitive data environments.
• Proven experience developing and implementing enterprise privacy and governance programs.
• Experience conducting privacy impact assessments, compliance reviews, and governance audits.

Technical Knowledge

• Strong understanding of data privacy and protection laws, information security frameworks and standards, data governance principles, risk management and compliance practices, and privacy impact assessment methodologies.
• Knowledge of industry standards and frameworks, including ISO 27001, ISO 27701, ISO 27018, NIST, CIS Benchmarks, and information security governance best practices.
• Experience with cloud security environments, identity and access management technologies, data discovery and classification tools, data protection and privacy management solutions, and unified data governance platforms.
• Hands-on experience with data privacy management tools, data governance platforms, security monitoring solutions, and enterprise reporting and documentation processes.

Preferred Certifications

• Certified Information Privacy Professional (CIPP).
• Certified Data Privacy Solutions Engineer (CDPSE).
• Certified Information Systems Security Professional (CISSP).
• ISO 27001 Lead Implementer or Lead Auditor certification.
• Equivalent governance, privacy, cybersecurity, or compliance certifications.

Skills & Competencies

• Strong analytical and problem-solving abilities.
• Excellent stakeholder management and communication skills.
• Ability to develop governance frameworks, policies, and compliance programs.
• Strong auditing, reporting, and documentation capabilities.
• Experience leading cross-functional governance and security initiatives.
• Ability to manage multiple priorities in complex environments.
• Strong understanding of regulatory compliance and operational risk management.
• High attention to detail and organizational skills.
• Ability to deliver training, awareness, and advisory support effectively.