Job Description
• Perform enterprise-wide data discovery using Varonis and Purview to identify PHI, PII, confidential business data, and high-risk exposures
• Configure and maintain data classification and labeling policies across M365 (Outlook, OneDrive, SharePoint, Teams)
• Partner with the Patient Safety and Compliance teams to refine classification taxonomy and retention requirements
• Identify and remediate excessive file permissions, global access, stale access, and vulnerable ACL structures
• Work with business units and system owners to document data flows and enforce least-privilege access models and sustainable governance practices
• Support automation workflows for secure data provisioning and permission change management
• Implement, monitor, and tune DLP controls across Purview, Zscaler, and endpoint channels
• Build policies for PHI/PII, financial data, research data, insider risk scenarios, and restricted data classes
• Investigate DLP alerts, analyze user behavior, and coordinate remediation or coaching sessions
• Develop detection rules for GenAI prompt protection, including PHI controls for ChatGPT, Copilot, Teams plugins, and browser-based AI use
• Maintain dashboards highlighting risk reduction, high-risk data sets, permission cleanup progress, and DLP control effectiveness
• Provide reports to leadership, Cybersecurity Governance Council, and the Architecture Review Board
• Track metrics such as open access reduction, stale data elimination, labeling adoption, and incident trends
• Investigate data exposure incidents, including misdirected communications, oversharing, or unauthorized access
• Work with Legal, Compliance, and IR teams to assemble evidence, timelines, and regulatory reports
• Identify control gaps and implement process improvements to prevent recurrence
• Evaluate data protection risks for AI use cases (e.g., data leakage, re-identification, prompt injection)
• Validate that AI-connected systems follow TGH’s data minimization and PHI boundary rules
• Support readiness for audits and certification programs (HIPAA, NIST CSF, internal and external audits)
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
• Bachelor’s degree in Information Security, Health Information Management, Computer Science, or related field
• 2+ years of experience in cybersecurity, data protection, identity/access governance, or healthcare IT
• Working knowledge of HIPAA, HITECH, and PHI/PII protection requirements
• Hands-on experience with data loss prevention (DLP), access governance, or data classification tools
• Ability to manage multiple projects, collaborate across IT and business teams, and drive remediation efforts
• Excellent analytical, documentation, and communication skills
Nice to Have Skills & Experience
• Experience with Varonis, Microsoft Purview Information Protection/DLP, Zscaler DLP, or similar platforms
• Familiarity with Epic, unstructured data repositories, clinical workflows, and PHI handling practices
• Understanding of identity & access management (IAM), least-privilege principles, and shared-drive governance
• Certifications such as HCISPP, CISSP, GIAC GSEC, CompTIA Security+ or CySA+, or similar
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.