Job Description

Job Title : Data Protection Engineer

Openings : 2

Pay Rate: $50-$80

Start Date : ASAP

Location : Hybrid, Office 1-2x week (Thursday required as team day, other day optional)

Minimum Qualifications & Experience Required

• Bachelor’s degree in Information Security, Health Information Management, Computer Science, or related field
• 2+ years of experience in cybersecurity, data protection, identity/access governance, or healthcare IT
• Working knowledge of HIPAA, HITECH, and PHI/PII protection requirements
• Hands-on experience with data loss prevention (DLP), access governance, or data classification tools
• Ability to manage multiple projects, collaborate across IT and business teams, and drive remediation efforts
• Excellent analytical, documentation, and communication skills

Nice To Have Qualifications & Experience

• Experience with Varonis, Microsoft Purview Information Protection/DLP, Zscaler DLP, or similar platforms
• Familiarity with Epic, unstructured data repositories, clinical workflows, and PHI handling practices
• Understanding of identity & access management (IAM), least-privilege principles, and shared-drive governance
• Certifications such as HCISPP, CISSP, GIAC GSEC, COMPTIA Security+ or CySA+, or similar

Day-to-Day Responsibilities

• Perform enterprise-wide data discovery using Varonis and Purview to identify PHI, PII, confidential business data, and high-risk exposures
• Configure and maintain data classification and labeling policies across M365 (Outlook, OneDrive, SharePoint, Teams)
• Partner with the Patient Safety and Compliance teams to refine classification taxonomy and retention requirements
• Identify and remediate excessive file permissions, global access, stale access, and vulnerable ACL structures
• Work with business units and system owners to document data flows and enforce least-privilege access models and sustainable governance practices
• Support automation workflows for secure data provisioning and permission change management
• Implement, monitor, and tune DLP controls across Purview, Zscaler, and endpoint channels
• Build policies for PHI/PII, financial data, research data, insider risk scenarios, and restricted data classes
• Investigate DLP alerts, analyze user behavior, and coordinate remediation or coaching sessions
• Develop detection rules for GenAI prompt protection, including PHI controls for ChatGPT, Copilot, Teams plugins, and browser-based AI use
• Maintain dashboards highlighting risk reduction, high-risk data sets, permission cleanup progress, and DLP control effectiveness
• Provide reports to leadership, Cybersecurity Governance Council, and the Architecture Review Board
• Track metrics such as open access reduction, stale data elimination, labeling adoption, and incident trends
• Investigate data exposure incidents, including misdirected communications, oversharing, or unauthorized access
• Work with Legal, Compliance, and IR teams to assemble evidence, timelines, and regulatory reports
• Identify control gaps and implement process improvements to prevent recurrence
• Evaluate data protection risks for AI use cases (e.g., data leakage, re-identification, prompt injection)
• Validate that AI-connected systems follow TGH’s data minimization and PHI boundary rules
• Support readiness for audits and certification programs (HIPAA, NIST CSF, internal and external audits)

Job Tags

Similar Jobs