The Data Governance & Privacy Lead defines and drives the governance framework for data used by smart-city capabilities (including Cognitive AI). The role establishes standards for data classification, privacy-by-design, consent, retention, lineage, and controlled sharing across multi-tenant environments and multiple vendors. Working with stakeholders, security teams, and delivery vendors, the lead ensures that data products and AI pipelines comply with applicable regulations and policies, and that governance is operationalized through tooling, processes, and automated controls embedded into platform onboarding and service delivery.

Key Responsibilities

• Define data governance operating model: roles (data owners/stewards), RACI, councils, and approval workflows.
• Establish standards for data classification, residency, retention, legal holds, and secure disposal across tenants.
• Define privacy-by-design requirements: consent management, purpose limitation, minimization, and data access controls.
• Drive data cataloging and metadata management (ownership, descriptions, schemas, sensitivity labels, quality scores).
• Define lineage and provenance requirements for data pipelines and AI artifacts (datasets, labels, embeddings, vector indexes).
• Specify DLP and egress control requirements for storage, APIs, and AI/RAG workflows; coordinate with Cybersecurity Architect.
• Define data-sharing policies and contracts (inter-agency sharing, vendor access boundaries, anonymization/masking rules).
• Establish data quality framework: validations, monitoring, SLA/KPIs, issue management, and remediation processes.
• Provide governance assurance for vendor deliverables (design reviews, acceptance criteria, compliance evidence packs).
• Enable operations: governance dashboards, audit reporting, periodic access reviews, and training for data owners/stewards.

Skills & Abilities

• Strong knowledge of data governance, privacy, and compliance practices in regulated environments.
• Ability to operationalize governance through processes and automated technical controls (policy-as-code mindset).
• Understanding of modern data platforms (lakehouse, streaming, catalog/lineage) and AI data lifecycle (RAG/embeddings).
• Excellent stakeholder management across legal, security, business owners, and vendor teams.
• Strong documentation, control definition, and audit-readiness skills.

Education & Experience

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity; Master’s degree highly preferred.
• 7+ years in data governance, privacy, compliance, or data management roles (government/telco preferred).
• Experience implementing data catalog/lineage tools and defining enterprise-wide data standards and policies.
• Experience with privacy controls (consent, RTBF/DSR processes, anonymization/masking, retention schedules).
• Background working with delivery vendors and integrating governance into program delivery and acceptance gates.
• Familiarity with AI data governance concepts (dataset/model cards, provenance, RAG content governance).

Preferred Tools

• Data governance/catalog: Microsoft Purview (or equivalent), data classification/labeling tools
• Data protection: DLP tooling, encryption/CMK/HSM, key management (Key Vault/KMS)
• Data platforms: lakehouse (Delta/Iceberg), streaming (Kafka/Event Hubs), SQL/ETL orchestration (Airflow)

Soft Skills

• Strong facilitation and consensus-building (data councils, policy workshops)
• Ability to translate legal/privacy requirements into actionable technical controls
• High attention to detail with pragmatic prioritization
• Confidence to challenge non-compliant designs and drive remediation
• Effective communication and training approach for non-technical stakeholders