Data Governance (Privacy & Security) Specialist

The Data Governance (Privacy & Security) Specialist is responsible for overseeing data privacy, data protection, information security, and governance initiatives across the organization. The role ensures compliance with legal, regulatory, contractual, and internal data protection requirements while supporting secure data management practices and privacy governance frameworks.

The position plays a key role in protecting sensitive and personally identifiable information, managing data governance programs, supporting risk assessments, and promoting a culture of privacy, security, and compliance across the organization.

Key Responsibilities

Data Privacy & Compliance

• Ensure ongoing compliance with organizational policies, legal requirements, regulatory standards, and contractual obligations
• Monitor and maintain compliance with data privacy, protection, and security regulations
• Conduct privacy impact assessments and evaluate potential risks related to data processing activities
• Identify privacy and security risks and recommend corrective and preventive measures
• Review departmental data usage practices to ensure compliance with privacy laws and governance standards
• Monitor changes in data privacy regulations and recommend updates to governance programs and policies

Information Security & Data Protection

• Implement, manage, and enforce information security controls to protect sensitive and confidential data, including: Protected Health Information (PHI), Personally Identifiable Information (PII)
• Support identity and access management initiatives and secure data handling practices
• Ensure integration of data protection and security requirements into business and operational processes
• Monitor Data Loss Prevention (DLP) compliance and coordinate remediation activities with stakeholders
• Collaborate with technical teams to maintain secure databases and data management environments

Data Governance & Data Management

• Establish and maintain data governance frameworks, standards, policies, and procedures
• Define data standards, data entry rules, and data management best practices
• Support enterprise-wide data discovery, data mapping, and data classification initiatives
• Develop and manage database management plans for large-scale data analysis projects
• Ensure data quality, consistency, and governance controls are maintained over time
• Manage acceptable methods for reporting, presenting findings, and sharing organizational data

Risk Management & Auditing

• Conduct data privacy and compliance audits
• Evaluate existing data protection frameworks and identify areas requiring improvement or remediation
• Perform risk assessments and support incident response and corrective action planning
• Prepare reports and recommendations related to privacy, governance, and compliance activities

Stakeholder Collaboration & Training

• Collaborate with business, operational, legal, compliance, and technical teams to support governance initiatives
• Provide expert guidance and advisory support on privacy, data governance, and compliance matters
• Develop and deliver privacy, security, and compliance training programs
• Promote awareness and a culture of data protection and compliance across the organization
• Support vendor reviews and third-party data protection assessments
• Perform other related duties and special projects as assigned

Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Security, Information Management, Cybersecurity, or a related field
• Additional professional training or certifications in data privacy, governance, or information security is preferred
• 8–12 years of experience in data privacy, data protection, information security, governance and compliance, cybersecurity frameworks, and regulatory compliance.
• Experience working within regulated industries, preferably healthcare environments

Technical Knowledge

• Strong understanding of data privacy and protection laws, information security frameworks and standards, data governance principles, and risk management and compliance practices.
• Knowledge of industry standards and frameworks, including ISO 27001 / ISO 27701, NIST, and CIS Benchmarks.
• Experience with cloud environments, identity and access management, data discovery and classification tools, data protection and privacy management solutions, and unified data governance platforms.

Preferred Certifications

• Certified Information Privacy Professional (CIPP)
• Certified Data Privacy Solutions Engineer (CDPSE)
• Equivalent privacy, governance, or cybersecurity certifications

Skills

• Strong analytical and problem-solving abilities
• Excellent communication and stakeholder management skills
• Ability to develop policies, governance frameworks, and compliance programs
• Experience delivering training and awareness initiatives
• Strong reporting, auditing, and documentation skills