Overview
Fred Hutchinson Cancer Center is an independent, nonprofit organization providing adult cancer treatment and groundbreaking research focused on cancer and infectious diseases. Based in Seattle, Fred Hutch is the only National Cancer Institute-designated cancer center in Washington.
With a track record of global leadership in bone marrow transplantation, HIV/AIDS prevention, immunotherapy and COVID-19 vaccines, Fred Hutch has earned a reputation as one of the world’s leading cancer, infectious disease and biomedical research centers. Fred Hutch operates eight clinical care sites that provide medical oncology, infusion, radiation, proton therapy and related services, and network affiliations with hospitals in five states. Together, our fully integrated research and clinical care teams seek to discover new cures to the world’s deadliest diseases and make life beyond cancer a reality.
At Fred Hutch we value collaboration, compassion, determination, excellence, innovation, integrity and respect. Our mission is directly tied to the humanity, dignity and inherent value of each employee, patient, community member and supporter. Our commitment to learning across our differences and similarities make us stronger. We seek employees who bring different and innovative ways of seeing the world and solving problems.
The Data Governance Specialist III designs, implements, and operates the enterprise data governance program within Fred Hutch's Information Security function. The role centers on protecting sensitive clinical, research, and operational data — ensuring it is properly classified, controlled, and used in compliance with applicable regulations and institutional policy.
This role works closely with the Office of the Chief Data Officer (OCDO), GRC, Privacy, Legal, and research and clinical business units to put data governance into practice and brings both technical depth and policy fluency to one of the organization's most critical compliance functions.
Most Fred Hutch jobs require some on-campus work. However, there may be flexibility for certain positions. Please check with the recruiter if you are an out-of-state applicant interested only in working outside of the Seattle area.
Responsibilities
Data Governance Program
- Own and maintain the enterprise data classification and handling program, including policies, standards, and data inventories.
- Develop and operate processes for data lifecycle management — covering data ownership/stewardship, data lineage, retention, de-identification, and secondary use in research and clinical contexts.
- Partner with OCDO, Privacy, and Legal to ensure data governance policies are consistently applied across systems, cloud services, and research platforms.
- Provide governance guidance on projects involving data collection, integration, analytics, and AI/ML use cases, including IRB-adjacent data use considerations.
Compliance & Risk
- Assess data-related risks across systems, applications, third-party vendors, and cloud environments; track and drive remediation.
- Support external audits and assessments involving data (HIPAA, HITRUST, research compliance), including evidence preparation and response coordination.
- Collaborate with Privacy and Legal to interpret and operationalize current and emerging regulations: HIPAA/HITECH (including the 2025 Security Rule updates), GDPR, the Common Rule, and FDA 21 CFR Part 11.
- Maintain data protection impact assessments, handling standards, and records of processing activities and policy exceptions.
Operations & Tooling
- Recommend and oversee data protection technologies including DLP, CASB, DSPM, and data discovery/classification tools.
- Maintain enterprise data flow documentation: systems of record, data transfers, cross-border flows, and third-party obligations.
- Work with Security Operations monitoring for data-related threats (exfiltration, misuse); support incident response scoping and regulatory notification requirements.
- Define and report metrics on data governance program effectiveness for executive and regulatory audiences.
Training & Collaboration
- Deliver targeted awareness training on data handling, classification, and secure use of cloud and collaboration platforms.
- Mentor team members and contribute to maturing data governance practices across the organization.
Qualifications
MINIMUM QUALIFICATIONS:
- Bachelor’s degree in information technology, computer science, business analytics, statistics, data science, public health, or other scientific or health-related field.
- Minimum 9 years of experience in data analytics, data management, governance, privacy, security or related disciplines (a Master’s degree can substitute for two years of professional experience).
- Strong evidence of excellent cross-discipline communication via written and verbal communication with ability to present complex technical information in a clear and concise manner to a variety of audiences, including executives and non-technical leaders.
- Demonstrated expertise in managing enterprise-wide governance initiatives across data domains.
- Demonstrated ability to scale and sustain external and internal initiatives and partnerships around data governance functions.
PREFERRED QUALIFICATIONS:
- Hands-on experience with data protection and governance tools (DLP, DSPM, data classification/discovery tools, data catalogs, or equivalent).
- Working knowledge of healthcare and research regulatory frameworks: HIPAA/HITECH, the Common Rule, FDA 21 CFR Part 11, and related state privacy laws.
- Familiarity with security and risk frameworks: NIST 800-53, NIST CSF, HITRUST CSF, and NIST AI RMF.
- Proven ability to translate complex regulatory and policy requirements into practical controls and operational processes.
- Strong written and verbal communication skills; comfortable presenting data risk topics to executive and non-technical audiences.
- High integrity and sound judgment when handling sensitive, confidential information.
- Experience in a research or academic medical center environment, including familiarity with research data sharing agreements, data use agreements (DUAs), and IRB processes.
- Experience integrating GRC platforms with data governance and security tooling for control monitoring and evidence collection.
- Proficiency with cloud data platforms (Azure, AWS) and modern data architectures (data lakes, pipelines, analytics platforms).
- Experience evaluating AI/ML pipelines and data sets for compliance, privacy, and ethical use requirements.
- Ability to script or automate governance processes (Python, PowerShell, or API integrations).
- Relevant certifications: CDMP, CIPT, CIPP/US, HCISPP, CISSP, CISM, CRISC, or HITRUST CCSFP.
The annual base salary range for this position is from $115,170 to $182,021, and pay offered will be based on experience and qualifications.
Most Fred Hutch jobs require some on-campus work. However, there may be flexibility for certain positions. Please check with the recruiter if you are an out-of-state applicant interested only in working outside of the Seattle area. This position may be eligible for a sign-on bonus.Although Fred Hutch is not sponsoring most H-1B visas at this time, candidates who already hold an H-1B sponsored by another organization and are currently in the U.S. may be eligible for this position.Fred Hutchinson Cancer Center offers employees a comprehensive benefits package designed to enhance health, well-being, and financial security. Benefits include medical/vision, dental, flexible spending accounts, life, disability, retirement, family life support, employee assistance program, onsite health clinic, tuition reimbursement, paid vacation (12-22 days per year), paid sick leave (12-25 days per year), paid holidays (13 days per year), and paid parental leave (up to 4 weeks).