Data Protection Engineer

Base Pay Range

$50.00/hr - $80.00/hr

Location: Hybrid, Office 1-2x week (Thursday required as team day, other day optional)

• Bachelor’s degree in Information Security, Health Information Management, Computer Science, or related field
• 2+ years of experience in cybersecurity, data protection, identity/access governance, or healthcare IT
• Working knowledge of HIPAA, HITECH, and PHI/PII protection requirements
• Hands‑on experience with data loss prevention (DLP), access governance, or data classification tools
• Ability to manage multiple projects, collaborate across IT and business teams, and drive remediation efforts
• Excellent analytical, documentation, and communication skills

• Experience with Varonis, Microsoft Purview Information Protection/DLP, Zscaler DLP, or similar platforms
• Familiarity with Epic, unstructured data repositories, clinical workflows, and PHI handling practices
• Understanding of identity & access management (IAM), least‑privilege principles, and shared‑drive governance
• Certifications such as HCISPP, CISSP, GIAC GSEC, COMPTIA Security+, or CySA+, or similar

• Perform enterprise‑wide data discovery using Varonis and Purview to identify PHI, PII, confidential business data, and high‑risk exposures
• Configure and maintain data classification and labeling policies across M365 (Outlook, One Drive, SharePoint, Teams)
• Partner with the Patient Safety and Compliance teams to refine classification taxonomy and retention requirements
• Identify and remediate excessive file permissions, global access, stale access, and vulnerable ACL structures
• Work with business units and system owners to document data flows and enforce least‑privilege access models and sustainable governance practices
• Support automation workflows for secure data provisioning and permission change management
• Implement, monitor, and tune DLP controls across Purview, Zscaler, and endpoint channels
• Build policies for PHI/PII, financial data, research data, insider risk scenarios, and restricted data classes
• Investigate DLP alerts, analyze user behavior, and coordinate remediation or coaching sessions
• Maintain dashboards highlighting risk reduction, high‑risk data sets, permission cleanup progress, and DLP control effectiveness
• Provide reports to leadership, Cybersecurity Governance Council, and the Architecture Review Board
• Track metrics such as open access reduction, stale data elimination, labeling adoption, and incident trends
• Work with Legal, Compliance, and IR teams to assemble evidence, timelines, and regulatory reports
• Identify control gaps and implement process improvements to prevent recurrence
• Evaluate data protection risks for AI use cases (e.g., data leakage, re‑identification, prompt injection)
• Validate that AI‑connected systems follow TGH’s data minimization and PHI boundary rules
• Support readiness for audits and certification programs (HIPAA, NIST CSF, internal and external audits)

Mid‑Senior level

Full‑time

Information Technology, Hospitals and Health Care