South Dublin, Co. Dublin, Ireland

Senior Analyst / Manager - Shadow IT Governance & Data Protection

Function:

Data Protection / Information Security

Overview

My client is seeking a highly skilled professional to join the Data Protection team, focusing on Shadow IT risk management, governance, and enforcement. As the organization accelerates adoption of SaaS, cloud services, and automation platforms, unapproved technology usage introduces significant data security, privacy, and compliance risks.
This role is responsible for designing and operating a structured, defensible blocking and escalation framework that protects enterprise data while enabling informed and balanced business decisions.

Key Responsibilities

Shadow IT Governance & Enforcement

• Execute the Shadow IT and Data Protection roadmap with primary ownership of:
  • Enforcement strategies
  • Escalation processes
  • Governance frameworks
• Design and maintain a comprehensive blocking strategy for unapproved applications, including:
  • Risk-based blocking criteria and thresholds
  • Risk scoring aligned to data sensitivity, access, and exposure
  • Defined escalation paths for exceptions and high-impact cases
• Ensure all blocking decisions are documented with:
  • Business justification
  • Technical impact assessment
  • Alignment to security and data protection policies

Escalation & Exception Management

• Manage unblock requests, exceptions, and escalations in collaboration with Security Operations and business stakeholders
• Balance security risk, policy requirements, and business impact in decision-making
• Lead structured escalation processes across a global enterprise

Stakeholder Communication & Coordination

• Establish communication protocols for notifying stakeholders of application blocks, including:
  • Timelines
  • Approved alternatives
  • Support resources
• Partner with application, platform, and business teams to define remediation paths:
  • Migration to approved tools
  • Compliance onboarding
  • Decommissioning of unauthorized applications
• Ensure consistent user experience across browsers for notifications and enforcement actions

Governance Model Development

• Build and operationalize a next-generation Shadow IT governance model emphasizing:
  • Transparency
  • Consistency
  • Defensibility
• Develop mechanisms to automatically identify/tag approved applications
• Drive cross-functional coordination and policy alignment

Data, Metrics & Reporting

• Design and implement data models and analytics frameworks to support:
  • Blocking decisions
  • Escalation tracking
  • Governance reporting
• Develop dashboards and automated reporting for:
  • Blocking trends
  • Unblock volumes
  • Escalation outcomes
  • Incident tracking
  • Stakeholder satisfaction
• Integrate and evaluate multiple data sources (e.g., SaaS discovery tools, telemetry, intake systems)
• Analyze datasets to identify:
  • Risk patterns
  • Repeat violations
  • Policy gaps
  • Opportunities for control improvements
• Perform data quality and completeness assessments to ensure governance coverage

Required Qualifications & Skills

• Strong experience designing or operating security governance or enforcement programs in large, complex environments
• Deep knowledge of:
  • Data security and governance
  • Information security engineering
  • Risk assessment methodologies and decision frameworks
• Proven ability to make and defend risk-based decisions balancing:
  • Security requirements
  • Business impact
  • Policy alignment
• Experience working cross-functionally with Legal, Privacy, Compliance, and Technology teams
• Strong documentation and communication skills, including executive-level reporting
• Demonstrated technical competency in security engineering
• Experience in data analysis to support governance decisions and risk evaluation

Preferred / Nice-to-Have Skills

• Experience with:
  • SaaS Security Posture Management (SSPM)
  • Cloud Access Security Broker (CASB)
  • Data Security Posture Management (DSPM)
• Familiarity with enterprise intake, exception, and risk acceptance processes
• Cloud security expertise
• Automation and analytics tools (e.g., ETL, dashboards, workflow automation)
• Experience with visualization and reporting platforms (e.g., Power BI or similar)
• Scripting, API integration, or application development experience
• Exposure to AI-driven solutions for security and governance

Relevant Experience Background

• Security Engineering
• Security Governance or Risk Management
• Cloud or SaaS Security
• Technology Risk or Security Consulting

Core Competencies

• Shadow IT Risk Management
• Blocking Strategy Design
• Escalation Management
• SaaS & Third-Party Risk
• Policy Enforcement & Governance
• Data-Driven Decision Making
• Cross-Functional Leadership