About the role
The Senior Data Governance Specialist is the senior individual contributor who builds and runs the data-governance tooling that makes the program real — the PDPA compliance scanner, the data-catalogue automation, the access-control sync, the AI model-governance evidence. This role makes policy technically true and measurable across the enterprise data estate.
Key Responsibilities
- Design, build, and operate an automated weekly PDPA compliance scanner on data-catalogue assets — checking classification completeness, retention-tag presence, access-control alignment — and maintain machine-readable audit evidence ready for regulators on demand.
- Drive data-catalogue (Databricks Unity Catalog or equivalent) technical adoption — bulk registration tooling, classification tagging, lineage capture, metadata-quality checks — with measurable coverage targets.
- Implement automated Row-Level Security sync integrated with Azure AD; reduce access-ticket volume through self-service and automated provisioning.
- Maintain the AI model-governance register and operationalise governance directives into the model-deployment CI / CD gate; build and run the GenAI audit trail.
- Build and operate the schema-governance CI check — no unreviewed schema change reaches production; maintain the exception workflow and audit log.
- Implement the data-classification framework (public / internal / confidential / restricted) at scale; tie to retention and access policy; detect classification drift.
- Partner with Data Stewards as the technical enabler — build the tools they rely on (DQ triage UI, glossary entry flows, source SLA dashboards).
- Partner with the Data Protection Officer and Legal on enforcement, incident response, and audit cycles; co-own data-product governance with platform engineering.
Requirements
- Bachelor's degree in Computer Science, Information Systems, Data Engineering, or a related discipline.
- 5+ years total data-engineering / governance-engineering experience, with 3+ years on data governance tooling and compliance (catalog operations, access-control automation, classification, lineage).
- Strong Python — builds production services (scanner, CI checks, automations); solid SQL fluency; comfortable reading PySpark.
- Thailand PDPA literacy — translates a requirement into an automated control; GDPR or comparable regime experience welcome.
- Production experience with a data catalog (Databricks Unity Catalog, Collibra, Atlan, Purview, Informatica, Alation, or equivalent).
- Designed and implemented access-control automation in cloud data platforms (RBAC + RLS + IAM integration).
- Git / CI production discipline; cloud platform experience (Azure preferred).
- Can write a clear design doc and partner with engineers, legal, and security stakeholders.
Preferred Qualifications
- Hands-on Databricks Unity Catalog production experience (tags, lineage, RLS, system tables); AI Model Governance exposure (NIST AI RMF, EU AI Act awareness, model-registry governance gates).
- Data contracts implementation (Gable, Schemata, or in-house); policy-as-code (OPA, Rego) or CI-based policy enforcement.
- ISO 27001 / SOC 2 evidence-collection experience; retail loyalty / POS data context (consent, PII at retail scale).
- Vendor or industry certifications such as Databricks Data Engineer Professional, DAMA CDMP, PDPA training (Thai DPO programme), or ISO 27001 Lead Implementer.