Data Protection Engineer

Minimum Qualifications & Experience Required • Bachelor’s degree in Information Security, Health Information Management, Computer Science, or related field • 2+ years of experience in cybersecurity, data protection, identity/access governance, or healthcare IT • Working knowledge of HIPAA, HITECH, and PHI/PII protection requirements • Hands-on experience with data loss prevention (DLP), access governance, or data classification tools • Ability to manage multiple projects, collaborate across IT and business teams, and drive remediation efforts • Excellent analytical, documentation, and communication skills Nice To Have Qualifications & Experience • Experience with Varonis, Microsoft Purview Information Protection/DLP, Zscaler DLP, or similar platforms • Familiarity with Epic, unstructured data repositories, clinical workflows, and PHI handling practices • Understanding of identity & access management (IAM), least-privilege principles, and shared-drive governance • Certifications such as HCISPP, CISSP, GIAC GSEC, COMPTIA Security+ or CySA+, or similar Day-to-Day Responsibilities • Perform enterprise-wide data discovery using Varonis and Purview to identify PHI, PII, confidential business data, and high-risk exposures • Configure and maintain data classification and labeling policies across M365 (Outlook, OneDrive, SharePoint, Teams) • Partner with the Patient Safety and Compliance teams to refine classification taxonomy and retention requirements • Identify and remediate excessive file permissions, global access, stale access, and vulnerable ACL structures • Work with business units and system owners to document data flows and enforce least-privilege access models and sustainable governance practices • Support automation workflows for secure data provisioning and permission change management • Implement, monitor, and tune DLP controls across Purview, Zscaler, and endpoint channels • Build policies for PHI/PII, financial data, research data, insider risk scenarios, and restricted data classes • Investigate DLP alerts, analyze user behavior, and coordinate remediation or coaching sessions • Develop detection rules for GenAI prompt protection, including PHI controls for ChatGPT, Copilot, Teams plugins, and browser-based AI use • Maintain dashboards highlighting risk reduction, high-risk data sets, permission cleanup progress, and DLP control effectiveness • Provide reports to leadership, Cybersecurity Governance Council, and the Architecture Review Board • Track metrics such as open access reduction, stale data elimination, labeling adoption, and incident trends • Investigate data exposure incidents, including misdirected communications, oversharing, or unauthorized access • Work with Legal, Compliance, and IR teams to assemble evidence, timelines, and regulatory reports • Identify control gaps and implement process improvements to prevent recurrence • Evaluate data protection risks for AI use cases (e.g., data leakage, re-identification, prompt injection) • Validate that AI-connected systems follow TGH’s data minimization and PHI boundary rules • Support readiness for audits and certification programs (HIPAA, NIST CSF, internal and external audits)