Data Governance Manager

Data Governance Manager- on-site Washington DC

Key Responsibilities

Data Governance & Framework Development

• Develop and implement a comprehensive data governance framework outlining policies, procedures, and standards for managing data from intake through disposal.
• Leverage tools such as Microsoft Purview Information Protection, Data Lifecycle Management, Data Loss Prevention, iManager Threat Manager, Varonis, and other governance technologies.

Data Retention & Classification Controls

• Review and refine policies and procedures related to data retention, ensuring appropriate retention periods and disposal methods.
• Design and implement the technical controls required to enforce retention and data lifecycle policies.
• Review and enhance classification policies that define how data is categorized based on sensitivity, criticality, and regulatory obligations.
• Implement classification-related technical controls that ensure proper handling and protection of data.

Security & Privacy Review

• Assess data security and privacy controls across relevant solutions to ensure alignment with policies and protection against unauthorized access, use, or disclosure.

Training & Awareness

• Deliver training and guidance on data governance best practices to ensure employees understand their responsibilities in managing and protecting firm data.

Additional Responsibilities

• Partner with business stakeholders to understand data access and sharing requirements and influence secure, compliant solution designs.
• Collaborate closely with the Information Governance team to execute directives from the Office of the General Counsel.
• Lead the design and implementation of Microsoft Purview Information Protection, Data Lifecycle Management, and Data Loss Prevention capabilities.
• Develop reporting and alerting mechanisms that strengthen the firm’s data governance function.
• Provide thought leadership for O365 data governance and other cloud platforms.
• Partner with the Security Architecture team to create secure design patterns that integrate data governance principles.
• Work with the Governance, Risk, and Compliance (GRC) team to ensure newly identified risks are added to the risk register and support the development of technical risk mitigation plans.

Proficiencies

• Strong project management capabilities and understanding of technology and operational risks.
• Ability to build and maintain effective working relationships across departments.
• High-level technical understanding of security applications, platforms, and architectures.
• Advanced knowledge of information security standards and frameworks (e.g., CSF, NIST, ISO) and awareness of emerging cyber threats.
• Deep understanding of cloud and data governance technologies and practices.
• Excellent analytical and problem-solving skills, with the ability to challenge existing processes constructively.
• Knowledge of GRC practices and technologies across governance, process, and technical domains.

Qualifications

• Bachelor’s degree in Information Security, Information Assurance, Computer Science, Information Systems, or a related field preferred.
• Minimum of 7 years of combined experience in information technology, information security, and risk management.
• Relevant certifications such as CISA, CISM, GSEC, CISSP, or CRISC preferred.
• Advanced expertise with Microsoft Purview and other data governance tools and methodologies.
• Strong understanding of risk management and information security concepts, frameworks, and technologies.
• Fundamental understanding of law firm operations.
• Advanced proficiency in MS Outlook, Word, Excel, Visio, and PowerPoint.