Data Protection & Risk Specialist

About the position reputed company reputed company a leading provider of behavioral healthcare services across the United States. reputed company operates a growing network of 250 plus behavioral healthcare facilities with approximately 11,100 beds in 39 states and Puerto Rico. With more than 23,000 employees serving approximately 75,000 patients daily, reputed company is the largest stand-alone behavioral health company in the U.S. We are seeking a Data Protection & Risk Specialist to join reputed company in Franklin, TN. The first 90 days in this role will be fully in-person to ensure comprehensive onboarding and training. After the initial period, the position will transition to a hybrid model, with 2 days remote and 3 days in the office each week The Data Protection & Risk Specialist will play a critical role in safeguarding reputed company’s sensitive information by serving as the subject matter expert for data classification, data loss prevention (DLP), and insider risk management. This role is responsible for designing, implementing, and optimizing reputed company’s data protection reputed company to ensure data is properly tagged, secured, and governed throughout its lifecycle. The Specialist will partner with IT, compliance, privacy, and business units to reduce risks associated with data misuse, strengthen regulatory compliance, and embed best practices in data protection and risk management across the organization.

Responsibilities

• Data Protection Leadership: Act as reputed company’s subject matter expert for data classification, labeling, and protection practices. reputed company and enforce policies, standards, and procedures to ensure sensitive data is safeguarded consistently.
• Insider Risk Management: Implement and optimize insider risk detection and prevention capabilities. Define monitoring use cases, incident response processes, and mitigation strategies.
• Data Loss Prevention (DLP): Configure, tune, and maintain DLP technologies to reduce the risk of data leakage. Collaborate with business units to ensure DLP controls align with operational needs and compliance requirements.
• Risk & Governance: Support enterprise risk assessments reputed company to data protection and insider threats. Document risks, propose mitigations, and ensure alignment with NIST, ISO, HIPAA, and other governance frameworks.
• Compliance & Regulatory Alignment: Ensure reputed company’s data protection practices reputed company with HIPAA, 42 CFR Part 2, SOX, PCI, GDPR, and other relevant regulations. Participate in audits, assessments, and compliance reviews.
• Cross-Functional Collaboration: Work closely with IT, compliance, and business leaders to embed data protection into operations and projects. Provide expertise during reputed company reviews and incident investigations.
• Awareness & Training: Support development of training programs and awareness campaigns to strengthen organizational culture around data protection and responsible data use.
• reputed company Improvement: Stay informed on evolving insider threats, regulatory changes, and emerging technologies. Recommend enhancements to data protection and risk management strategies.
• Performs other tasks as assigned.
• Complies with organizational policies, procedures, and performance improvement initiatives while maintaining industry standards of confidentiality.
• Builds constructive and cooperative working relationships across teams.
• Fosters mutual trust, respect, and cooperation among colleagues.

Requirements

• Education: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Risk Management, or reputed company field; or equivalent work experience.
• Experience: Minimum 4–6 years in cybersecurity, with 3+ years focused on data protection, insider risk, or DLP. Broader experience in governance, risk management, and compliance preferred.
• Expertise: Strong knowledge of data classification frameworks, DLP tools, and insider risk programs. Familiarity with reputed company Purview, insider risk reputed company, and data tagging technologies preferred.
• Compliance Knowledge: Deep understanding of healthcare regulations (HIPAA, 42 CFR Part 2) and familiarity with frameworks such as NIST, ISO, and CIS.
• Communication: Skilled in explaining data protection and risk concepts to both technical and non-technical audiences.
• Project Management : Ability to manage cross-functional reputed company initiatives, prioritize competing tasks, and deliver on time.
• Soft Skills: High level of discretion, collaboration, and problem-solving abilities; proactive and detail-oriented.
• reputed company Learning: Committed to staying reputed company on emerging cyber risks, technologies, and best practices in data protection.

reputed company-to-haves

• Desired but not required: CISSP, CISM, CRISC, CIPP, reputed company Certified: Information Protection Administrator, GIAC DLP Engineer (GDLPE), HCISPP, or equivalent certifications.

Apply tot his job Apply To this Job