Sample Job Description: Information Governance Program Director

Information Governance Program Director


Design, implement, and enhance an information governance strategy and program to comply with privacy, confidentiality, and information-security related laws and regulations, and company policies and objectives. Proactively anticipate and direct program changes to support continued compliance with the evolving information management and data protection landscape and furtherance of company objectives. Respond to data security incidents and enhance the company's data security incident response plan. The scope of information governance encompasses personal information, company information, systems and infrastructure.

Essential Responsibilities

Establish an information management and protection framework for an effective enterprise-wide information governance program ("program") and direct day-to-day activities, including program objectives, policies, procedures, training and communication. Develop methods for demonstrating success through metrics, key performance indicators and third-party assessments.

Identify information management and protection laws and regulations and implement actions to ensure compliance. Effectively represent the organization’s positions and advocate internal and external policy to shape the development of new laws and regulations consistent with company objectives.

Develop and implement a compliance monitoring system. Coordinate a company-wide risk assessment process to identify potential risks and control solutions. Monitor actions to identify emerging risks and to close gaps.

Create internal partnerships with key stakeholders, such as audit services, business services, human resources, legal services and security, to influence and align business-area actions that are needed to achieve program objectives. Serve as a consultant to business-area leaders. Direct actions to ensure external stakeholders, such as suppliers, have policies and practices that are aligned with laws, regulations, and organizational programs.

Provide oversight to an incident response team to investigate and respond to data incidents/breaches in a comprehensive and timely manner that complies fully with applicable federal and state laws and manages the impact to the organization's brand.

Perform leadership responsibilities, such as determining budget needs. Create and maintain an effective culture. Prepare formal communications.

Perform other duties as assigned.


  • BA/BS degree in business or related field, or a combination of education and related experience providing equivalent knowledge.
  • At least eight years relevant experience in compliance, legal, privacy, information security, or related area.
  • Demonstrated experience designing, managing, and executing large-scale, enterprise-wide projects.
  • Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders.


  • Broad knowledge of information management and protection laws, regulations, and best practices.
  • Information governance experience, including in the areas of personal information, company information, systems, and infrastructure.
  • JD degree.