Hi,
Title - • Director of Data Protection and Governance
Mode - Contract (C2C/W2 both)
Location - Richmond, Virginia
The Director of Data Protection and Governance will report to the Commonwealth Deputy Chief Data Officer
within the Office of Data Governance and Analytics. We are a fast-growing agency focused on providing
expert insight into data analytics and risk, developing team members, and effective oversight of data
analytics, data security and technology risk. This is a team where you can work with great team
members across the Cybersecurity, Risk Management, and Technology organizations. You will be
challenged to excel with exciting and challenging opportunities daily. There is transparency and great
support from management to allow team members to be effective, grow their careers and meet
Commonwealth goals. Hard work and initiative are rewarded and recognized by management and
colleagues alike, which promotes a culture of respect and value across the organization. Within ODGA
you will be conducting meaningful work and making a difference in the lives of Virginians by promoting a
data sharing culture, optimizing data protection and governance capabilities, and developing cyber
resilient programs.
Technical Job Responsibilities
• Develop, implement and communicate a comprehensive enterprise-wide Data Protection &
Governance program that aligns with Commonwealth values and culture, is applicable to Agency
business, and scalable to account for business growth and changes to regulatory requirements
across both on premises and cloud environments.
• Drive collaboration among diverse teams to develop and implement data protection controls
appropriate to the business processes.
• Manage and/or liaison with teams developing and implementing data inventory, protection, and
other governance solutions and capabilities that are clearly aligned to Commonwealth goals,
technology and business drivers.
• Lead evaluation of new solutions and services, providing a business case and recommendations
on new Data Protection solutions and technologies. Facilitate the identification, classification, and assignment of roles and responsibilities for data
management to include Data Owners and Data Stewards across all Agencies, and coordinate
data engineering and operation roles across the Commonwealth.
• Manage the processes and implementation of the full data lifecycle to include data inventory,
classification, protection, retention, and destruction requirements Commonwealth-wide.
• Collaborate with various stakeholders, including VITA, business product and data teams
providing advice on new projects and product features, and implementation of proposed
solutions and best practices.
• Stay abreast of changing regulatory landscape and ensure compliance with applicable
regulations related to data protection.
Required Experience
• 5-7 years of experience managing projects related to the defining and assessing of Data
Protection strategy, architecture and practices, and technology implementation.
• Experience leading technology, cybersecurity, privacy, data protection, governance and/or IT
compliance teams
• Understanding of the components of comprehensive Data Protection & Governance program,
including governance, policy, organizational design, communications and training, architecture,
technologies, processes, and controls
• Understanding of Data Protection technology capabilities such as data discovery, data labeling,
data inventory, CASB, Microsoft AIP, information rights management, and data loss prevention
• Outstanding interpersonal skills to effectively build relations and interact with stakeholders all
levels within the Commonwealth with proven success in building and developing strong
relationships with business stakeholders.
• Ability to lead small and large cross-functional teams effectively, managing multiple projects at a
time.
• Practical experience implementing data protection and governance programs and policies.
• Practical experience documenting data inventories and data protection control activities. Master
communicator and active listener who understands how to navigate an audience.
• Ability to manage and prioritize multiple projects and resources with a sense of urgency.
• Familiarity with implementing technical controls required to meet privacy and data protection
requirements.
Desired Experience
• Practical knowledge of privacy regulations as it applies to data protection requirements
• Experience and familiarity with cloud data security and working with public cloud solutions
(AWS, Azure, Google)
• Ability to see correlations between data, risks, and initiatives that others may not.
• Adaptable and comfortable with ambiguity, yet eager to understand the root cause of a
challenge and drive a solution.