Data Security & Governance Analyst - Innovation & Technology Services

City of Savannah•Suite 120, GA

3d•Onsite

About The Position

The City of Savannah’s Innovation & Technology Services (ITS) Department is seeking a highly skilled and detail-oriented Data Security & Governance Analyst to lead the implementation and operational management of enterprise data protection and governance capabilities across the organization. This is a high-impact role for a professional who thrives at the intersection of cybersecurity, data governance, compliance, and emerging AI technologies. This newly established position offers a rare opportunity to make a lasting impact on the City’s future. As Savannah continues its journey toward becoming a truly data-driven organization, this role serves as a cornerstone in bridging IT and business operations, shaping policies, enforcing role-based access, and strengthening compliance practices. The individual stepping into this position will help define how the City of Savannah manages and uses data, enabling more informed decision-making and improved performance monitoring across departments, ultimately contributing to a more innovative, efficient, and forward-thinking city. The Data Security and Governance Analyst will act as an expert in data security and management, responsible for implementing, configuring, and maintaining governance solutions like Microsoft Purview. This role focuses on establishing data access policies and safeguards to ensure the secure and compliant use of AI-powered tools and data archival technologies across the organization. Collaborating closely with the Cybersecurity team, the analyst will help develop and enforce policies, procedures, and controls that protect data confidentiality, identity, and availability. By aligning security policies with organizational objectives, this position will play a vital role in supporting accurate, reliable, and data-driven decision-making while advancing the organization’s cybersecurity initiatives. The ideal candidate is self-motivated and technically minded, demonstrating high standards, strong collaboration skills, and creativity. They possess deep expertise in Microsoft 365 compliance tools, data loss prevention (DLP), information protection, data governance best practices and role-based access control (RBAC). This position plays a vital role in safeguarding City data.

Requirements

Bachelor’s degree from an accredited college or university and four (4) years of professional Data Security and Governance experience; or any equivalent combination of education, training and experience provides the requisite knowledge, skills and abilities to successfully perform the responsibilities of the position.
3–5 years of experience administering Microsoft 365 compliance and security tools.
Proven experience with Microsoft Purview, Information Protection, and Data Loss Prevention.
Familiarity with Microsoft Copilot, its data architecture, and how it interfaces with M365 workloads.
Strong understanding of data governance frameworks, zero-trust security, and least-privilege access models.
Experience with NIST, CJIS, and HIPAA data compliance standards.
Knowledge of relevant regulations and industry standards.
Strong understanding of data security and governance principles and practices

Nice To Haves

Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400)
Microsoft Certified: Cybersecurity Architect Expert
Experience with technology projects
Demonstrably high standards in a fast-paced work environment
Able to work with an appropriate sense of urgency
Understanding the concepts of the PMI model and ability to apply to projects as needed.
Knowledge and understanding of data governance best practices.
Skilled in prioritizing multiple projects and tasks simultaneously.
Ability to effectively train others, complete documentation, and present on projects and solutions as needed.
Ability to research, interpret, and apply policies.
Excellent verbal and written communication skills.
Consistently strive to demonstrate the IT Values within various City departments.
Strong understanding of Cybersecurity and Data Management principles

Responsibilities

Designs and implements Microsoft Purview Information Protection policies to classify and label data (e.g., Public, Confidential, Restricted).
Establishes and maintains sensitivity labels , retention policies , and data classification schemas for Copilot and the broader M365 use.
Collaborate with the Microsoft 365 team to define Copilot guardrails , ensuring that AI-generated content does not expose unauthorized data.
Monitors data access patterns and manage data access controls.
Investigates anomalies using tools such as Purview Audit and Microsoft Defender for Cloud Apps
Implements Data Loss Prevention (DLP) policies to prevent oversharing of sensitive information internally and externally
Manages compliance portals , configure Microsoft Purview roles and permissions , and coordinate with security teams for ongoing audits.
Provides documentation, training, and support to ensure department-wide adoption of best practices for AI governance.
Stay current with Microsoft Purview roadmap and evolving features related to AI and data security.
Identifies, assesses and mitigates risks relate to data security and governance and works with ITS Security Team to access and remediate potential data breaches and unauthorized access.
Implement processes and controls to ensure data accuracy, completeness and consistency.
Collaborates with stakeholders throughout the City of Savannah to ensure effective data governance practices and validate enforcement.
Performs other related duties and responsibilities as required.