Acadia Healthcare · 14 hours ago
Data Protection & Risk Specialist
Franklin, TN
Full-time
Hybrid
Mid, Senior Level
4+ years expAcadia Healthcare is a leading provider of behavioral healthcare services across the United States. The Data Protection & Risk Specialist will safeguard sensitive information by serving as the subject matter expert for data classification, data loss prevention, and insider risk management, while collaborating with various teams to enhance data protection practices across the organization.
Mental Health Care
Responsibilities
Act as Acadia’s subject matter expert for data classification, labeling, and protection practices. Develop and enforce policies, standards, and procedures to ensure sensitive data is safeguarded consistently
Implement and optimize insider risk detection and prevention capabilities. Define monitoring use cases, incident response processes, and mitigation strategies
Configure, tune, and maintain DLP technologies to reduce the risk of data leakage. Collaborate with business units to ensure DLP controls align with operational needs and compliance requirements
Support enterprise risk assessments related to data protection and insider threats. Document risks, propose mitigations, and ensure alignment with NIST, ISO, HIPAA, and other governance frameworks
Ensure Acadia’s data protection practices comply with HIPAA, 42 CFR Part 2, SOX, PCI, GDPR, and other relevant regulations. Participate in audits, assessments, and compliance reviews
Work closely with IT, compliance, and business leaders to embed data protection into operations and projects. Provide expertise during security reviews and incident investigations
Support development of training programs and awareness campaigns to strengthen organizational culture around data protection and responsible data use
Stay informed on evolving insider threats, regulatory changes, and emerging technologies. Recommend enhancements to data protection and risk management strategies
Qualification
Required
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Risk Management, or related field; or equivalent work experience
Minimum 4–6 years in cybersecurity, with 3+ years focused on data protection, insider risk, or DLP
Strong knowledge of data classification frameworks, DLP tools, and insider risk programs
Deep understanding of healthcare regulations (HIPAA, 42 CFR Part 2) and familiarity with frameworks such as NIST, ISO, and CIS
Skilled in explaining data protection and risk concepts to both technical and non-technical audiences
Ability to manage cross-functional security initiatives, prioritize competing tasks, and deliver on time
High level of discretion, collaboration, and problem-solving abilities; proactive and detail-oriented
Committed to staying current on emerging cyber risks, technologies, and best practices in data protection
Preferred
Broader experience in governance, risk management, and compliance
Familiarity with Microsoft Purview, insider risk management solutions, and data tagging technologies
Desired but not required: CISSP, CISM, CRISC, CIPP, Microsoft Certified: Information Protection Administrator, GIAC DLP Engineer (GDLPE), HCISPP, or equivalent certifications
Company
Acadia Healthcare
Headquartered in Franklin, Tennessee, Acadia Healthcare was established in January 2005 to develop and operate a network of behavioral health facilities across the country.
10001+ employees
H1B Sponsorship
Acadia Healthcare has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (1)
Funding
Current Stage
Late StageLeadership Team
Anna M Gaddy, MA, LCAS, CCS
Chief Executive Officer-Carolina House
Bruce Melosh
CEO - Rebound Behavioral Health
Recent News
2024-05-02
2024-04-09
2024-04-09
Company data provided by crunchbase