Data Governance Analyst

Join to apply for the Data Governance Analyst role at Bennett Thrasher

Join to apply for the Data Governance Analyst role at Bennett Thrasher

Get AI-powered advice on this job and more exclusive features.

Bennett Thrasher, currently ranked among the largest CPA firms in the U.S., is a premier provider of professional tax, assurance, and consulting services to businesses and high net worth individuals. Consistently named one of the Best Accounting Firms to Work for in the United States by Accounting Today, Bennett Thrasher offers the expertise and opportunities of a large accounting firm, while also providing a commitment to culture and a family-like work atmosphere.

We work hard to help our clients solve challenges, but we also believe in taking time for what matters and offer benefits for you that reflect this mindset.

Bennett Thrasher "BT" is seeking a highly skilled and motivated Data Governance Analyst to join our dynamic team. The successful candidate will play a crucial role in ensuring our organization's data policies, procedures, and standards follow regulatory requirements and industry best practices. Duties include conducting training and assessments on cyber risks, managing risks associated with third-party vendors, ensuring compliance with SOC regulations, and maintaining privacy

Responsibilities

• Data Governance:
  Develop, implement, and maintain data governance frameworks, policies, and standards to ensure data quality and integrity.
• Risk Management:
  
  Identify, assess, and manage data-related risks to protect the organization’s data assets. Compliance:
  Ensure compliance with data protection regulations such as GDPR, CCPA, and other relevant legislation.
• Audit and Monitoring:
  Conduct regular audits and monitoring activities to identify control gaps and ensure compliance with data governance policies and standards.
• Compliance:
  Ensure compliance with data protection regulations such as GDPR, CCPA, and other relevant legislation.
• Training and Awareness:
  Provide training and raise awareness on data governance, risk management, and compliance within the organization.
• Stakeholder
  
  Collaboration:
  
  Work closely with data owners, IT, legal, and departments to ensure alignment and support for data governance initiatives.

• Directly oversee annual SOC1/SOC2 reviews, as well as managing compliance with GLBA and GDPR.
• Coordinate with internal and external auditors during compliance reviews.
• Complete security questionnaires for prospective and existing clients.

• Assist in developing and updating privacy and compliance policies, procedures, and training materials. Policy, Training & Awareness
• Deliver training and awareness sessions to internal teams.

• Perform internal information risk classification and maintain inventories of sensitive data.
• Review application requests for data privacy and security risks.
• Implement processes to automate and continuously monitor information security controls, exceptions, risks, testing.
• Develop and implement controls and processes through frameworks like NIST, COSO, COBIT, etc.
• Develop reporting metrics, dashboards, and evidence artifacts.

• Conduct and manage end-to-end vendor security risk assessments.
• Review third-party security documentation (e.g., SOC 2 reports, ISO 27001 certifications).
• Assess new software for security and privacy risks and recommend appropriate contract terms.

• Bachelor's degree in information technology, Business Administration, or related field.
• Minimum of 3-5 years of experience in data governance, risk management, and compliance roles.
• Experience with cybersecurity frameworks such as NIST CSF, ISO 27001, or Secure Controls Framework (SCF)
• Strong knowledge of data protection regulations (e.g., GDPR, CCPA).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively with cross-functional teams.
• Experience with Microsoft Purview or similar data governance tools is a plus.
• Professional certifications such as SSCP, CISM, CIPP, CIPM, or CRISC are a plus.