• Location: Kansas City, Missouri
  • Type: Contract to Hire
  • Job #34731
Technology Governance Lead
Location: Kansas City, MO
Pay Range: Negotiable $71.00 – $93.00 per hour
Relocation: Available
Benefits: Standard Medical, Dental, 401(k)

Summary

This role leads the design, implementation, and operation of enterprise technology and data governance within the security function. The lead partners with the individual serving in the CISO role, the Chief Digital Technology Officer (CDTO), and key business stakeholders to ensure technology and data policies, decision rights, and controls align with business outcomes and risk appetite. The role owns program-level activities including technology and data inventory and mapping, classification and minimization, the stewardship model, data access controls, data risk assessment, and governance metrics to support compliance, security, and AI readiness.

Responsibilities

  • Governance: Establish the rules, policies, and structures that direct how the technology and Business Enablement organization operates, ensuring accountability and strategic alignment
  • Risk Management: Guide enterprise cyber risk management practices and alignment with business risk tolerance
  • Compliance Oversight: Monitor adherence to external laws (e.g., GDPR) and internal policies to identify compliance gaps
  • Stakeholder Communication: Partner with Executive Leaders and senior stakeholders to deliver meaningful insights into the organization’s risk posture and compliance status
  • Program Implementation: Lead the selection and deployment of GRC software (e.g., Vanta, MetricStream) to automate controls and reporting
  • Define and maintain the technology and data governance charter, scope, and decision-rights model (RASCI) in collaboration with business and organizational stakeholders
  • Develop and operationalize technology and data classification, minimization, and retention policies with business, privacy, and security partners
  • Oversee the development of a prioritized inventory of technology and data assets to enable discovery, classification, lineage tracking, and risk analysis
  • Lead stewardship program design and placement (centralized, federated, or hybrid), assign data owners and stewards, and embed stewardship into operational workflows
  • Design and run Data Risk Assessments (DRA / FinDRA) to prioritize datasets by business impact and to inform security investment decisions
  • Serve as a primary liaison for external audits, regulatory reviews, and client-facing assessments to provide assurance and evidence for compliance activities
  • Specify controls and access governance (PBAC/Purpose/role-based) and coordinate with IAM, DSPM/DLP, and SIEM/SOC as needed
  • Select and oversee integration of governance tooling (catalog, lineage, DSPM, DQ, MDM, observability)
  • Implement metrics, dashboards, and reporting that link governance activities to business KPIs and risk metrics for executive stakeholders

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or a related field AND 8 years of information security experience
  • Capability to define policy, decision rights (RASCI), and steward models (centralized/federated/hybrid)
  • Demonstrated ability to engage Executive Leadership, advance data literacy, convene steering committees, and translate risks into business and financial terms for senior leaders
  • Proven experience leading technology or data governance programs and working cross‑functionally to operationalize classification, stewardship, access controls, risk assessments, exception management, and continuous improvement
  • Experience conducting risk assessments and working with security, privacy, legal, audit, and business teams to translate risks into prioritized remediation and investment needs
  • Technical knowledge of metadata, data cataloging, lineage, MDM, data quality, DSPM/DLP, DataOps/Data observability concepts, and governance platform integrations with data architectures
  • Applied experience in project management principles and methods
  • One or more professional cybersecurity certifications (e.g., Security+, CISA, CRISC, CISSP)

EEO/Disabled/Veterans