The Data Protection Manager leads the organization’s Data Protection program and team, accountable for program outcomes, governance, and delivery of prioritized initiatives that reduce risk to sensitive data (PHI/PII/PCI and other confidential data). This role is accountable for data protection outcomes and program delivery and partners with technical teams who administer and operate security tooling. The Manager works closely with the Director, Information Security to execute an Agile delivery model (non-software) including intake, prioritization, sprint-like execution, reporting, and continuous improvement.
Key Responsibilities
Program Ownership & Governance (Outcomes, Not Tool Operations)
Own and mature the enterprise Data Protection program, including strategy, roadmap, operating model, and governance processes.
Define and maintain data protection standards and requirements for data discovery, classification/labeling, handling, retention, and secure sharing, ensuring consistent adoption across the organization.
Establish measurable program outcomes and ensure evidence quality for audits/assessments (e.g., control documentation, exception tracking, remediation proof).
Lead cross-functional governance forums and working groups as needed to drive alignment and accountability for data protection priorities.
DLP & DSPM Program Leadership (Consumer of Findings)
Own the DLP operating model across:
Endpoint DLP (primary focus)
CASB-based DLP (for cloud/SaaS)
Email gateway DLP
Translate alerts/findings into actionable work, drive policy improvements, and measure effectiveness.
Own the DSPM operating model initially focused on M365, Snowflake, and on-premises file shares, including:
Intake and triage of exposure/oversharing findings
Assignment of accountable business and technical owners
Prioritized remediation execution and validation
Exception/risk acceptance workflow (documented and time-bound)
Partner with messaging/endpoint/infra/data platform teams that operate tools to implement policy requirements, tuning, and enforcement changes; ensure outcomes are achieved without assuming day-to-day administration responsibilities.
Agile Delivery & Reporting (Non-Software)
Manage a Data Protection delivery pipeline using Agile practices: intake, prioritization, backlog management, sprint-like execution, retrospectives, and dependency management.
Drive execution of Data Protection epics/workstreams; remove blockers; coordinate cross-team deliverables; ensure on-time completion of committed work.
Produce executive-ready reporting and dashboards (status, milestones, risks/issues, decisions required) and communicate progress clearly to leadership and stakeholders.
Risk, Compliance & Audit Readiness
Coordinate data protection-related audits and assessments (internal/external), ensuring audit readiness and defensible evidence.
Track, manage, and validate remediation plans through closure; maintain documented exceptions and risk acceptances.
Monitor regulatory/industry changes impacting data protection requirements and recommend updates to policies, controls, and program priorities.
People Leadership
Manage and develop a team supporting data protection initiatives and operations (goal setting, coaching, performance management, workload planning).
Build team capability through defined roles/responsibilities, training plans, and continuous improvement of processes and playbooks.
Foster a culture of accountability, collaboration, and measurable risk reduction.
Core Competencies
Program ownership and governance (outcomes-focused)
Risk-based decision making and exception management
Cross-functional influence and stakeholder alignment
Metrics, reporting, and audit-evidence discipline
People leadership, coaching, and accountability
Preferred Qualifications
Bachelor’s degree in Information Security, Information Technology, Business, or related field
7+ years in information security, risk, compliance, data protection, or related disciplines with demonstrated program/project delivery leadership.
2+ years people leadership experience (direct management strongly preferred).
Experience operating in complex, cross-functional environments with strong stakeholder management and executive communication skills.
Practical knowledge of data protection concepts and controls, including data classification/labeling, access governance principles, secure data handling, audit evidence, and incident coordination.
Demonstrated experience converting security/compliance findings into prioritized remediation plans and measurable outcomes.
Experience in healthcare or other regulated industries; familiarity with protecting PHI is a plus.
Experience in large enterprise environments with hybrid data ecosystems (SaaS, cloud platforms, and on-prem storage).
Baylor Scott & White Health (BSWH) is the largest not-for-profit health care system in Texas and one of the largest in the United States. With a commitment to and a track record of innovation, collaboration, integrity and compassion for the patient, BSWH stands to be one of the nation’s exemplary health care organizations. Our mission is to serve all people by providing personalized health and wellness through exemplary care, education and research as a Christian ministry of healing. Joining our team is not just accepting a job, it’s accepting a calling!