Manager, Data Governance & Enterprise Cyber Risk
Join a Company That Puts People First! At Aveanna, we’re proud to foster a workplace culture that celebrates diversity, encourages connection, and supports our team members every step of the way. Here’s what sets us apart: Award-Winning Culture - Ranked the #1 company to work for in Georgia in 2024 by U.S. News & World Report. Employee Connection & Support - Aveanna Connection Groups: Employee-led groups where shared identities and experiences create spaces for connection, collaboration, and support. - Aveanna Social Circles: Join groups based on your interests, like books, music, or movies, to build camaraderie and lasting friendships. - Aveanna Employee Relief Fund: A resource to help our team members through unexpected hardships, because we’re stronger together. Inclusive Learning Environment - We believe in growing together. Our inclusive learning sessions are open to all employees, fostering collaboration and shared success. Commitment to Community - Every year, we dedicate a day to giving back through our Annual Service Day, making a meaningful impact in the communities we serve. Job Overview The Manager of Data Governance & Enterprise Cyber Risk is responsible for implementing and managing the company’s enterprise data governance framework, policies, and tools to ensure the protection, quality, and compliance of data assets. This first-level management role bridges technical and business domains and will lead a small team of data governance and security analysts while collaborating across IT, information security, compliance, and business units.
Key Responsibilities
- Develop, implement, and maintain enterprise data governance policies, standards, and frameworks aligned with regulatory and internal compliance requirements (e.g., HIPAA, SOX, CCPA CPRA).
- Establish data ownership, stewardship, and accountability models across data domains.
- Drive data management, data cataloguing, and data lineage documentation using platforms such as Microsoft Purview.
- Manage the lifecycle of enterprise data, ensuring data protection, data classification, retention, and disposal policies are enforced.
- Lead the deployment, configuration, and operation of data discovery and DLP tools, including but not limited to Microsoft Purview, Varonis, Symantec DLP, Forcepoint, and Digital Guardian.
- Oversee sensitive data discovery, tagging, and classification across cloud and on-prem environments.
- Develop and maintain DLP policies and incident response workflows; partner with cybersecurity team to mitigate data exposure risks.
- Produce dashboards and reporting for DLP performance, incidents, and metrics.
- Integrate data governance practices with the enterprise cyber risk management (ECRM) program to ensure data risks are identified, assessed, and mitigated at the organizational level.
- Support the third-party risk management program (3PO) by establishing governance and DLP standards for vendor data access, transfer, and processing.
- Collaborate with procurement, legal, corporate risk management, compliance, internal audit, and information security on due diligence and data protection assessments for offsite facilities, and external partners.
- Monitor regulatory changes and assess impact on data handling and governance requirements.
- Lead and mentor a small team of analysts and coordinate cross-functional data governance committees.
- Collaborate with IT, Security, Compliance, and Business Unit Data Owners to ensure data policies are implemented effectively.
- Serve as subject matter expert (SME) on data discovery, DLP, and governance technologies, act as liaison between business and technical stakeholders.
- Champion a data protection culture and promote ongoing training and awareness across the organization.
- Oversee governance risk management for data used in AI and machine learning systems
- Evaluate and manage risks related to AI model explainability, training data sensitivity, and third-party AI providers.
Qualifications
Required
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field.
- 3– 5 years of progressive experience in data governance, information security, or data risk management.
- Proven experience managing and deploying DLP and data discovery tools (Microsoft Purview, Varonis, Symantec DLP, Forcepoint, or Digital Guardian).
- Familiarity with metadata management, data quality frameworks, and data cataloguing.
- Strong understanding of data protection regulations (HIPAA, CCPA, CPRA and state privacy laws).
- Experience integrating data governance with enterprise cyber risk management (ECRM) and third-party risk frameworks.
- Excellent communication, leadership, and stakeholder management skills.
- Demonstrated ability to manage multiple projects and coordinate cross-functional initiatives.
- Demonstrated experience with AI and machine learning technologies, including governance of AI data pipelines, model input/output data handling, and ensuring compliance with data protection and ethical AI standards.
Qualifications
Preferred
- Healthcare experience strongly preferred
- Certified Data Management Professional (CDMP)
- Data Governance and Stewardship Professional (DGSP)
- Microsoft Certified: Information Protection Administrator (SC-400)
- ISACA Certified Information Security Manager (CISM)
- ISACA Certified in Risk and Information Systems Control (CRISC)
- GIAC Data Protection (GDP) GIAC
Total Rewards Bonus: Annual performance-based Short-Term Incentive Plan Benefits: Comprehensive health, dental, vision, 401(k) match, paid time off, training reimbursement, and hybrid work flexibility. Career Path: Opportunities for advancement. Other Duties Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. As an employer accepting Medicare and Medicaid funds, employees must comply with all health-related requirements in all relevant jurisdictions, including required vaccinations and testing, subject to exemptions for medical or religious reasons as appropriate. Notice for Job Applicants Residing in California Apply tot his job Apply To this Job