Philadelphia, Pennsylvania
Danville, Pennsylvania
Durham, North Carolina
Stockton, California
Lynnwood, Washington
Posted: 07-Oct-25
Location: Dallas, Texas
Categories:
Internal Number: 25017432
Job Summary
The Director of Data Protection, reporting to the CISO, provides strategic and operational leadership for the healthcare system?s enterprise data protection and PCI compliance programs. This role is responsible for safeguarding sensitive data assets including protected health information (PHI), personally identifiable information (PII), payment card data, and financial records across on-premises, cloud, and third-party environments. The Director oversees technologies, governance, and compliance processes that ensure adherence to HIPAA, HITECH, PCI DSS, and related regulations, while fostering a culture of privacy, accountability, and security across the organization.
The Director leads PCI initiatives end-to-end, including scoping, P2PE implementations, SAQ/eCommerce reporting, and vendor attestations. This role requires a deep understanding of data protection, data governance, insider risk, and payment security, along with proven ability to lead teams and influence senior stakeholders in a large, complex healthcare environment.
Key Responsibilities
- Develop and execute the organization?s enterprise Data Protection strategy and roadmap, aligned with business objectives and regulatory requirements.
- Establish and maintain policies, standards, and procedures that meet HIPAA, HITECH, and PCI DSS obligations.
- Lead PCI program operations, including SAQ reporting, P2PE deployments, vendor attestations, and risk analysis.
- Direct enterprise data discovery, inventory, and classification across EHR systems (Epic, MyChart), M365, cloud platforms, and payment environments.
- Oversee deployment and management of data protection technologies, including DLP, DSPM, encryption, and insider risk monitoring.
- Drive integration of data protection with IAM, cloud security, and cyber defense programs.
- Lead investigations and escalations for insider risk, DLP, and PCI-related incidents; ensure readiness for data breach and ransomware response.
- Partner with Data Governance to align on data domains, stewardship, retention, and classification standards.
- Provide executive-level reporting on PCI maturity, data protection metrics, and organizational risk posture.
- Build, mentor, and develop high-performing teams; foster a culture of accountability, innovation, and continuous improvement.
?
Preferred Qualifications & Leadership Experience
- 15 years of progressive experience in cybersecurity, IT risk, or compliance, with at least 7-10 years in leadership roles overseeing enterprise-level data protection or compliance programs.
- Proven leadership experience in large, complex healthcare or highly regulated environments.
- Demonstrated success leading PCI initiatives, including program scoping, P2PE implementations, eCommerce/SAQ reporting, vendor management, and remediation oversight.
- Experience managing cross-functional stakeholder engagement with executive leadership, regulators, and auditors.
- Strong communication and program management skills; ability to develop high-quality deliverables such as reports, policies, procedures, and executive briefings.
Technical & Domain Expertise
- Deep expertise in data protection technologies (DLP, DSPM, encryption, tokenization, classification, insider risk tools).
- Familiarity with large-scale healthcare IT environments, including Epic and MyChart, as well as PCI environments requiring SAQ-A, eCommerce reporting, and P2PE control sets.
- Strong understanding of healthcare regulations (HIPAA, HITECH) and advanced PCI DSS program management.
- Knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001, COBIT) and risk management methodologies.
- Experience integrating data protection with IAM, cloud, and network security programs in hybrid environments.
- Industry certifications such as CISSP, CISM, CISA, PCI-P, ISA, or QSA strongly preferred.
- Specialized experience managing PCI assessments and programs at enterprise scale.
- Demonstrated ability to oversee large-scale audits and compliance initiatives in regulated industries.
Minimum Requirements
- Bachelor?s Degree or 4 years of work experience above the minimum qualification
- 5 years of experience