Third Party Risk Analyst
Insight Global
Job Description
An enterprise retail company is seeking a Data Governance Analyst to join their Global Cybersecurity team. As a Data Governance Analyst, you will be responsible for conducting third-party vendor solution assessments as part of a combined and comprehensive process to clear a backlog of existing and potential vendors. The combined assessment process will include the following components:
1. Data Classification and Solution Profiling: Determine data classification level and complete a solution profile for each vendor solution based on the product and intended company use case. The data classification and profile will inform subsequent assessments.
2. Generative AI tools: Assess tools and services to determine if any Generative AI technology is integrated or used to augment capabilities.
3. Third Party Risk: Assess the vendor's cybersecurity program and the overall risk posture of the entity based on vendor responses to industry-standard questionnaires, certifications, audits and attestations, e.g. SIG Lite, CACQ, SOC 1 or 2, ISO 27001, cybersecurity insurance, etc.
4. Architecture: Assess technical fit based on the company's functional and non-functional requirements.
5. Security: Assess the security of the vendor's product(s) against the company's minimum security requirements, identify and qualify risks using STRIDE, and produce a risk rating.
6. Personally Identifiable (PI) Data Use: Assess any use of PI customer or employee data. For products using PI other than employee basic user profile (first name, last name, email, title, org, office location, work phone), develop logical data flows, document data sharing agreements and conduct a cross-functional review with selected company subject-matter experts from privacy, legal, ethics & compliance, cybersecurity and data owners/stewards.
7. Issues and Recommendations: Document any issues identified in the combined assessment process and describe the severity of the issue: critical, high, medium, or low. For critical, high, and medium issues, recommend corrective action(s) by the vendor or the company to address the issue.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com .
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .
Skills and Requirements
- 4+ years proven experience in data governance.
- Industry governance or compliance framework knowledge and ability to support data classification, third-party risk, and PI data use:
o DMBoK
o NIST 800-53r5
o SIG/SIG Lite
o CACQ
o SSAE 18 (SOC 1,2)
o ISO 27001
- Strong understanding of cybersecurity controls, data protection regulations (e.g., GDPR, CCPA), and industry best practices.
- Excellent analytical and problem-solving skills.
- Ability to communicate complex technical concepts to non-technical stakeholders.
- Strong organizational skills and attention to detail.
- Certifications such as CISA/CISSP, DGSP/CDMP/CIMP, CISM, CIPM or others focused on controls assurance, information security, data privacy or information risk management are a strong plus.