
Data Protection Manager

Commonwealth Care Alliance
United States, Massachusetts, Boston
May 24, 2025
011760 CCA-IT Info System Security

Position Summary:

Develop, initiate, maintain, and revise data protection and privacy policies, standards, and guidelines for the general operation of the Data Protection Program and its related activities. Manage and implement data classification, sanitization, and disposal programs. Conduct regular assessments to identify and mitigate data risk. Lead strategic implementations of technologies and processes (IaaS, PaaS, SaaS) for data protection both in transit and at rest. Oversee security tools including Varonis, Cyberhaven, AvePoint, and Microsoft Purview, ensuring ongoing system health, alert management, and optimization.

Coordinate hardware and software upgrades and transitions. Provide tailored, actionable weekly and monthly reports to leadership. Maintain Jira project tracking and team productivity reporting. Serve as the technical Data Loss Prevention lead proposing new technological solutions that improve data protection capabilities and governance.

Supervision Exercised:

  • No, this position does not have direct reports.

Essential Duties & Responsibilities:

  • Locate and classify PII/PHI enterprise data assets to determine required protections and assess against external threats and internal risks
  • Document data security classifications clearly and consistently across systems
  • Collaborate with Data Governance teams to develop and maintain standard security metadata and data protection policies, guiding business usage and technical support processes
  • Develop and enforce Data Security, Privacy, and Confidentiality standards, aligned with regulatory requirements and organizational policies
  • Develop and manage data security access controls, ensuring compliance with policies and best practices
  • Conduct comprehensive audits of data security practices to validate that controls and procedures are effectively implemented and managed
  • Evaluate and optimize the efficiency of security measures on data processing systems
  • Assess current security risks related to enterprise-sensitive data, recommending solutions and mitigation strategies
  • Monitor user authentication, access and data lineage behaviors using Cyberhaven and Varonis, identifying suspicious or anomalous activities that warrant investigation
  • Establish robust safety protocols to protect organizational data against unauthorized access, accidental or malicious alterations, destruction, or leaks, and handle emergency data loss investigations effectively
  • Provide security training to all levels of the organization regarding data security policies, standards, procedures, and tools such as Varonis, Cyberhaven, AvePoint, and Microsoft Purview
  • Coordinate and manage IT hardware upgrades, software migrations, and transitions relevant to data protection applications
  • Manage and optimize security tool operations including onboarding new file servers, adjusting policies and alerts, performing ongoing health check-ups, and coordinating upgrades for Varonis, Cyberhaven, AvePoint, and Microsoft Purview
  • Maintain and monitor governance frameworks for SharePoint permissions and site creation using AvePoint governance management
  • Implement, monitor, and update Microsoft Purview policies, including data classification, labeling, and data protection mechanisms
  • Propose, evaluate, and implement innovative technological solutions to enhance enterprise-wide data protection and governance capabilities
  • Manage Jira projects for tracking tasks, team productivity, and reporting progress
  • Generate tailored weekly and monthly security reports for senior management and executive stakeholders, clearly communicating the effectiveness of data protection controls and ongoing risks
  • Collaborate with IT Governance and Legal counsel to ensure proper data protection language is included in vendor Statements of Work (SOWs) and Service Level Agreements (SLAs)
  • Perform other related duties as assigned by management, supporting the overall security posture of the organization.

Working Conditions:

  • Standard office conditions.

Other:

  • Standard office equipment

Required Education (must have):

  • Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or a related field (equivalent experience) or foreign equivalent

Desired Education (nice to have):

  • Master's Degree in Information Technology, Cybersecurity, Computer Science, or a related field (equivalent experience) or foreign equivalent

Required Experience (must have):

  • Minimum 5 years of experience in data protection and cybersecurity, including hands-on management of security tools (Varonis, Cyberhaven, AvePoint, Microsoft Purview)
  • Strong practical experience managing data classification, access control, and governance processes
  • Demonstrated success coordinating IT infrastructure upgrades and transitions
  • Expertise in security alert tuning, policy adjustment, and ongoing operational management
  • Proven track record in providing tailored reports to executive stakeholders
  • Familiarity with project management tools, particularly Jira, for time tracking and productivity management
  • Experience working in a high-paced, matrixed organization

Desired Experience (nice to have):

  • Certifications such as CISSP, CISM, CISA or related cybersecurity credentials
  • Prior experience in healthcare or similarly regulated environments
  • Technical experience utilizing security tools such as Tenable SC, Tenable Cloud, CyberArk, BigFix and Microsoft Defender for Cloud
  • Familiarity with cloud environments including Azure AD (Microsoft Entra), Azure Cloud, IaaS, PaaS, and SaaS platforms
  • Basic knowledge of SQL database management, network infrastructure, or system administration

Required Knowledge, Skills & Abilities (must have):

  • Strong analytical and problem-resolution skills
  • Exceptional attention to detail
  • Deep knowledge of security frameworks (NIST CSF, ISO 27001, HIPAA, etc.)
  • Ability to manage multiple tools and coordinate diverse technical projects simultaneously
  • Proven ability to work independently and collaboratively in a cross-functional environment
  • Excellent verbal and written communication skills
  • Highly organized, responsive, and thorough in addressing security concerns

Required Language (must have):

  • English

Desired Knowledge, Skills, Abilities & Language (nice to have):

  • Flexibility to address security tool alerts and emergencies outside standard working hours