Data governance: Is it the career for you?
No matter what type of business you’re in, data itself is a vital commodity. Without a healthy dose of data, organizations struggle to conduct business effectively or efficiently. Data management is a very broad field that focuses on data and data quality across its lifecycle. Within data management is data governance, or the rules, responsibilities and processes that specify how data may be accessed and by whom.
In recent years, numerous executive-level job titles have evolved within data management. chief data officers are one example. These high-ranking positions are data managers tasked with bridging the gap between technology and business. Their goal is to help their organization leverage data and, as a result, gain a competitive advantage. Chief digital officers are charged with using digital information and modern technologies, such as cloud, to create business value.
What should you learn next?
Within the field of data governance, there is also a wide variety of job titles, including data governance officer, manager of enterprise data governance and data risk specialist. LinkedIn has 31,000 open data governance opportunities currently. Salaries vary depending on job responsibilities. For example, salary.com reports typical U.S. salaries of:
- $59,400 and $90,100 for data governance specialists
- $96,583 to $125,508 for data governance managers
- $200,120 for jobs with data governance skills, such as chief information security officer (CISO) or chief technology officer (CTO)
What is data governance?
Data governance is defined by Gartner as the specification of decision rights and an accountability framework to ensure the appropriate behavior in the valuation, creation, consumption and control of data and analytics.
“Appropriate” is a key term here as the protection of data has risen to critical levels while cybercriminals continue their relentless pursuit to disrupt, steal and ransom data. Further compounding the risk is evolving government regulations like GDPR, HIPAA, PCI DSS, Sarbanes-Oxley and many others that require data to be safeguarded. Non-compliance results in costly fines.
The goal for most data governance officials is to reduce risk while also perpetuating the increasing value of an organization’s data. To accomplish this, there are a host of areas to cover off on. The Data Governance Institute recommends you start your strategy by establishing a Data Governance Framework, or a structure that classifies, organizes and communicates the activities involved in making decisions about and taking action on data.
Within such a framework, certain risk management controls get identified and this is where Rita Gurevich comes in. She is CEO and founder of Sphere Technology Solutions and they are experts in access control and, more specifically, entitlements which are the permissions issued across all data. This may include group drives, Sharepoint sites, mailboxes, public folders, application data on a local C drive and more.
“You would be shocked at the gaping holes that exist at large enterprises when it comes to entitlements and it’s absolutely a major problem when an intruder enters your four walls and finds open access,” Gurevich says.
What do data governance managers do?
Governing data across its lifecycle is a big job and for most organizations. It’s hard to know where to start despite understanding its importance and value. The first step, according to Gurevich, is having the capability to collect data from wherever it is created and stored and organize it all into meaningful buckets.
“You need to organize the data in a way that it can be digested by outside individuals, not just technologists but the business community. Pulling reports with millions of rows of information, static lists of locations and entitlements isn’t actionable.”
Showing data in a way that is relatable to other business influencers outside of IT is how actionable plans get formed.
Another important piece of information data governance specialists should remember, Gurevich says, is all the answers don’t live in one place. Figuring out who owns the data and therefore who should and should not have access isn’t the decision of IT and their rows of data. Determining access, whether or not data is still needed, and other decisions must be sorted out from a wide variety of sources and people.
And entitlements change often, Gurevich notes. “The obvious examples are you have summer interns, people change roles, leave the organization, enter the organization. You need good housekeeping” to stay on top of how an organization and its data evolves.
How do you get into data governance?
Data governance positions vary in experience requirements, but generally, they are not entry-level positions. Time spent working in access control, privileged access and even network security is beneficial. Usually, a strong foundation in computer science is a good starting point.
Additionally, for Gurevich, those with a background in infrastructure and an understanding of storage systems and messaging platforms have an advantage. Understanding the technology makes it easier to understand vulnerabilities and how entitlements work. Her recommendation is hands-on experience.
FREE role-guided training plans
“Go manage an infrastructure. Go work on a storage team or a network team. You’ll learn so much organically about data, about governance and about security,” she says.
At Sphere, they look for talented, motivated-driven individuals who aren’t afraid to think outside the box and offer new ideas. “This is still a very new space, so we look for independent thinkers and outgoing individuals who are hungry for information, to learn, and to help others.”
To learn more about a career in data governance with a focus in access control, watch the Cyber Work Podcast, Data governance strategy in 2021 with Rita Gurevich.
Sources
- What is a chief data officer, Dataversity
- Chief digital officer, TechTarget
- Data governance specialist, Salary.com
- Data governance manager, Salary.com
- Average salary for jobs with data governance skills, Salary.com
- Data governance, Gartner IT Glossary, September 2021
- Data governance framework and components Data Governance Institute
In this Series
- Data governance: Is it the career for you?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get free resources in your inbox!
Sign up for our newsletter and get free cybersecurity resources in your inbox every week. Prepare for your next cert, learn new skills, increase your salary and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity