Data Protection Manager

Company:
Commonwealthcare
Location:
United States
Posted:
May 23, 2025

Description:

011760 CCA-IT Info System Security

Position Summary:

Develop, initiate, maintain, and revise data protection and privacy policies, standards, and guidelines for the general operation of the Data Protection Program and its related activities. Manage and implement data classification, sanitization, and disposal programs. Conduct regular assessments to identify and mitigate data risk. Lead strategic implementations of technologies and processes (IaaS, PaaS, SaaS) for data protection both in transit and at rest. Oversee security tools including Varonis, Cyberhaven, AvePoint, and Microsoft Purview, ensuring ongoing system health, alert management, and optimization.

Coordinate hardware and software upgrades and transitions. Provide tailored, actionable weekly and monthly reports to leadership. Maintain Jira project tracking and team productivity reporting. Serve as the technical Data Loss Prevention lead proposing new technological solutions that improve data protection capabilities and governance.

Supervision Exercised:

No, this position does not have direct reports.

Essential Duties & Responsibilities:

Locate and classify PII/PHI enterprise data assets to determine required protections and assess against external threats and internal risks

Document data security classifications clearly and consistently across systems

Collaborate with Data Governance teams to develop and maintain standard security metadata and data protection policies, guiding business usage and technical support processes

Develop and enforce Data Security, Privacy, and Confidentiality standards, aligned with regulatory requirements and organizational policies

Develop and manage data security access controls, ensuring compliance with policies and best practices

Conduct comprehensive audits of data security practices to validate that controls and procedures are effectively implemented and managed

Evaluate and optimize the efficiency of security measures on data processing systems

Assess current security risks related to enterprise-sensitive data, recommending solutions and mitigation strategies

Monitor user authentication, access and data lineage behaviors using Cyberhaven and Varonis, identifying suspicious or anomalous activities that warrant investigation

Establish robust safety protocols to protect organizational data against unauthorized access, accidental or malicious alterations, destruction, or leaks, and handle emergency data loss investigations effectively

Provide security training to all levels of the organization regarding data security policies, standards, procedures, and tools such as Varonis, Cyberhaven, AvePoint, and Microsoft Purview

Coordinate and manage IT hardware upgrades, software migrations, and transitions relevant to data protection applications

Manage and optimize security tool operations including onboarding new file servers, adjusting policies and alerts, performing ongoing health check-ups, and coordinating upgrades for Varonis, Cyberhaven, AvePoint, and Microsoft Purview

Maintain and monitor governance frameworks for SharePoint permissions and site creation using AvePoint governance management

Implement, monitor, and update Microsoft Purview policies, including data classification, labeling, and data protection mechanisms

Propose, evaluate, and implement innovative technological solutions to enhance enterprise-wide data protection and governance capabilities

Manage Jira projects for tracking tasks, team productivity, and reporting progress

Generate tailored weekly and monthly security reports for senior management and executive stakeholders, clearly communicating the effectiveness of data protection controls and ongoing risks

Collaborate with IT Governance and Legal counsel to ensure proper data protection language is included in vendor Statements of Work (SOWs) and Service Level Agreements (SLAs)

Perform other related duties as assigned by management, supporting the overall security posture of the organization.

Working Conditions:

Standard office conditions.

Other:

Standard office equipment

Required Education (must have):

Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience), or foreign equivalent

Desired Education (nice to have):

Master’s Degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience), or foreign equivalent

Required Experience (must have):

Minimum 5 years of experience in data protection and cybersecurity, including hands-on management of security tools (Varonis, Cyberhaven, AvePoint, Microsoft Purview)

Strong practical experience managing data classification, access control, and governance processes

Demonstrated success coordinating IT infrastructure upgrades and transitions

Expertise in security alert tuning, policy adjustment, and ongoing operational management

Proven track record in providing tailored reports to executive stakeholders

Familiarity with project management tools, particularly Jira, for time tracking and productivity management

Experience working in a high-paced, matrixed organization

Desired Experience (nice to have):

Certifications such as CISSP, CISM, CISA or related cybersecurity credentials

Prior experience in healthcare or similarly regulated environments

Technical experience utilizing security tools such as Tenable SC, Tenable Cloud, CyberArk, BigFix and Microsoft Defender for Cloud

Familiarity with cloud environments including Azure AD (Microsoft Entra), Azure Cloud, IaaS, PaaS, and SaaS platforms

Basic knowledge of SQL database management, network infrastructure, or system administration

Required Knowledge, Skills & Abilities (must have):

Strong analytical and problem-resolution skills

Exceptional attention to detail

Deep knowledge of security frameworks (NIST CSF, ISO 27001, HIPAA, etc.)

Ability to manage multiple tools and coordinate diverse technical projects simultaneously

Proven ability to work independently and collaboratively in a cross-functional environment

Excellent verbal and written communication skills

Highly organized, responsive, and thorough in addressing security concerns

Required Language (must have):

English

Desired Knowledge, Skills, Abilities & Language (nice to have):

Flexibility to address security tool alerts and emergencies outside standard working hours

25-626

Remote/Remotely/Tele/Telecommute/From home
