Data Governance & Privacy Lead

The Data Governance & Privacy Lead defines and drives the governance framework for data used by smart-city capabilities (including Cognitive AI). The role establishes standards for data classification, privacy-by-design, consent, retention, lineage, and controlled sharing across multi-tenant environments and multiple vendors. Working with stakeholders, security teams, and delivery vendors, the lead ensures that data products and AI pipelines comply with applicable regulations and policies , and that governance is operationalized through tooling, processes, and automated controls embedded into platform onboarding and service delivery.

Key Responsibilities

• Define data governance operating model : roles (data owners/stewards), RACI, councils, and approval workflows.
• Establish standards for data classification, residency, retention, legal holds, and secure disposal across tenants.
• Define privacy-by-design requirements : consent management, purpose limitation, minimization, and data access controls.
• Drive data cataloging and metadata management (ownership, descriptions, schemas, sensitivity labels, quality scores).
• Define lineage and provenance requirements for data pipelines and AI artifacts (datasets, labels, embeddings, vector indexes).
• Specify DLP and egress control requirements for storage, APIs, and AI/RAG workflows; coordinate with Cybersecurity Architect.
• Define data-sharing policies and contracts (inter-agency sharing, vendor access boundaries, anonymization/masking rules).
• Establish data quality framework : validations, monitoring, SLA/KPIs, issue management, and remediation processes.
• Provide governance assurance for vendor deliverables (design reviews, acceptance criteria, compliance evidence packs).
• Enable operations : governance dashboards, audit reporting, periodic access reviews, and training for data owners/stewards.

Skills & Abilities

• Strong knowledge of data governance, privacy, and compliance practices in regulated environments.
• Ability to operationalize governance through processes and automated technical controls (policy-as-code mindset).
• Understanding of modern data platforms (lakehouse, streaming, catalog/lineage) and AI data lifecycle (RAG/embeddings).
• Excellent stakeholder management across legal, security, business owners, and vendor teams.
• Strong documentation, control definition, and audit-readiness skills .

Education & Experience

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity ; Master’s degree highly preferred.
• 7+ years in data governance, privacy, compliance, or data management roles (government/telco preferred).
• Experience implementing data catalog/lineage tools and defining enterprise-wide data standards and policies.
• Experience with privacy controls (consent, RTBF/DSR processes, anonymization/masking, retention schedules).
• Background working with delivery vendors and integrating governance into program delivery and acceptance gates.
• Familiarity with AI data governance concepts (dataset/model cards, provenance, RAG content governance).

Preferred Tools

• Data governance/catalog: Microsoft Purview (or equivalent), data classification/labeling tools
• Data protection: DLP tooling, encryption/CMK/HSM, key management (Key Vault/KMS)
• Data platforms: lakehouse (Delta/Iceberg), streaming (Kafka/Event Hubs), SQL/ETL orchestration (Airflow)

Soft Skills

• Strong facilitation and consensus-building (data councils, policy workshops)
• Ability to translate legal/privacy requirements into actionable technical controls
• High attention to detail with pragmatic prioritization
• Confidence to challenge non-compliant designs and drive remediation
• Effective communication and training approach for non-technical stakeholders