Cloud Governance Manager

The Manager, Cloud Governance plays an essential role in overseeing data management practices, ensuring that data across the organization's solutions is available and secure. This position involves developing and implementing data standards and policies that support business objectives, while also facilitating effective data sharing and protection. By coordinating with various departments, the Manager, Cloud Governance ensures that data protection practices align with regulatory requirements and organizational strategies, ultimately enhancing security processes and operational efficiency.

Key Responsibilities:

• Develop and implement a data governance framework, including policies, procedures, and standards for managing data assets from intake to disposal, using tools such as Microsoft Purview Information Protection, Data Lifecycle Management, Data Loss Prevention, iManager Threat Manager, and Varonis.

• Design and implement data retention policies and technical controls to enforce them.

• Design and implement data classification policies and supporting technical controls based on sensitivity, criticality, and regulatory requirements.

• Review data security and privacy controls to ensure protection against unauthorized access, use, or disclosure.

• Provide training on data governance best practices to ensure employees understand their roles and responsibilities.

• Partner with business stakeholders to understand data access and sharing requirements and influence secure, compliant solutions.

• Collaborate with the Information Governance Team to support directives of the Office of the General Counsel.

• Design reporting and alerting capabilities to strengthen data governance functions.

• Provide data governance thought leadership for O365 implementation and other cloud platforms.

• Work with the Security Architecture team to develop secure design patterns.

• Partner with the Governance Risk and Compliance team to ensure risks are entered into the register and assist with updates on mitigation plans.

Proficiencies:

• Strong project management skills and understanding of technology and operational risks.

• Ability to build and maintain strong working relationships across departments.

• High-level technical understanding of security applications, platforms, and architectures.

• Advanced awareness of current information security standards (CSF, NIST, ISO) and the evolving cyber threat landscape.

• Strong understanding of cloud and data governance from a technology perspective.

• Excellent analytical and problem-solving skills with the ability to challenge current practices.

• Knowledge of governance, risk, and compliance (GRC) practices and technologies across governance, process, and technical domains.

Qualifications:

• Bachelor's degree in Information Security, Information Assurance, Computer Science, or Information Systems preferred.

• At least 7 years of combined IT, information security, and risk management experience.

• CISA, CISM, GSEC, CISSP, CRISC, or other security-related certifications preferred.

• Advanced understanding of Microsoft Purview and other data governance tools and methodologies.

• Strong understanding of risk management concepts, frameworks, and methodologies.

• Strong understanding of information security concepts and technologies.

• Fundamental knowledge of law practice operations a plus.

• Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.