Job Overview/Summary:
The remote and pioneering nature of this project
requires a Data Protection Officer who is able to create and enforce data
protection policies, negotiate data sharing and protection agreements with
partner organizations, and provide technical recommendations and user stories
to product development team within the Signpost technology team to ensure
actionable compliance to regulation. Signpost, a rapidly scaling community-led
information service that uses technology to support clients in times of crisis,
has built a system in Zendesk will equip VR&P case staff with digital
tools, channels and social media. This role will begin with an assessment of
the current state of data protection within Signpost’s digital infrastructure,
develop policy for VR&P that is modular to the global program, and onboard
new partner organizations to systems in compliant ways. This role will need to
embed with technology development and product teams to ensure policies are
being executed in development, offer suggested development interventions, and
work alongside product management staff to design new data protection builds.
While the candidate should have familiarity with data protection regulation in
the United States and Europe, we will prioritize candidates with technical competency.
This staff member will engage stakeholders within the 15 person technology
team, IRC HQ Data and Data Protection leadership, and VR&P partner
networks.
Major Responsibilities:
Technical Collaboration and Compliance (30%)
- Work closely with the Signpost technology and product
development teams to embed data protection principles into the design and
build of new features and tools.
- Provide technical guidance and recommendations to ensure that
development efforts align with data protection policies and
regulations.
- Facilitate the integration of data protection considerations
into the product development lifecycle, from planning to deployment.
- Collaborate with technology team to implement risk mitigation
measures.
- Quality assurance of data anonymization and Routine review and
audit of data security practices across all major platforms and data
sources used by Signpost, including Meta Business
- Suite, Zendesk Support, Azure SQL Server and Database, Azure
Synapse, Azure Databricks,
- MySQL database, Google accounts, Google Analytics, among
others. Regularly review account access & control for such
platforms.
- Audit user segmentation, account management, and data loss
prevention implementation in Zendesk with Product support team
Data Protection and Policy Development (30%)
- Conduct Data Protection Impact Assessments to identify
potential vulnerabilities and threats to state data and systems and
develop appropriate strategies and implement necessary controls to
mitigate identified risk. Lead the creation and implementation of
comprehensive data protection policies tailored to the needs of the
VR&P program and the Signpost-built technology architecture, ensuring
alignment with global standards.
- Collaborate with partner organizations to establish and
negotiate data sharing and protection agreements that safeguard client
information and comply with US regulations and PRM standards.
- Regularly assess the data protection landscape of the Signpost
system, identifying areas for improvement and developing strategic
solutions.
- Data Protection Compliance (20%) o Collaborate with IRC
procurement and legal about Vendor and Third-Party Risk Management to
perform due diligence, contract review, and ongoing security assessment of
vendors.
- Engage with General Counsel on service or business contracts
under which personal data processing activities are performed.
- Support management of any personal data breach if affecting
clients under the control of CDPO.
- Stakeholder Engagement and Training (10%) o Engage with
various stakeholders, including IRC’s technology team, Data and Data
Protection leadership, and external partners, to advocate for and ensure
adherence to data protection standards.
- Train technical and non-technical staff on principles,
regulations, and practical implementation of Data Protection.
- Audit caseworker processes to ensure security of client
data.
- Strategic Planning and Implementation (10%) o Contribute to
the strategic planning of Signpost’s technology roadmap with a focus on
enhancing data protection and security features.
- Support the Product Lead and Product Manager in prioritizing
and managing development tasks, ensuring that data protection is a key
consideration in all project decisions.
- Review for appropriateness any service or business contracts
under which personal data processing activities are performed.
Work / Educational Experience:
- Knowledge of the data protection and security policies
of companies such as Meta and Google Analytics
- 3-7 years of experience in data protection,
cybersecurity, or a related field, with a strong emphasis on creating and
implementing data protection policies and negotiating data sharing
agreements.
- Experience in technical project management or product
development within a technology-driven environment, preferably with a
focus on service models that support clients in crisis situations.
- Familiarity with conducting Data Protection Impact
Assessments
- Strong technical knowledge of managing data protection
within digital/cloud environments and best practices for data security,
such as within Azure Synapse and Databricks.
- Bachelor’s degree in Computer Science, Information
Security, Data Protection Law, or related disciplines
Required Skills and Competencies:
- Advanced knowledge in administering and securing CRM
systems like Zendesk, with an understanding of user segmentation, account
management, and data loss prevention techniques.
- Working and implementing data security measures within
cloud environments, including best practices for secure data processing
and creating data anonymization within data pipelines.
- Proficiency in Python or similar programming
language
- Experience in risk mitigation and implementing data
protection measures within product development lifecycles, ensuring
compliance with regulations and standards.
- Strong collaboration skills to work with
cross-functional teams, including technology, legal, procurement, and
product management, to embed data protection principles into all aspects
of project and product development.
- Excellent communication skills for training technical
and non-technical staff on data protection principles, regulations, and
practical implementation strategies.
- Ability to train staff of varied technical abilities on
principles of Data Protection
- Ability to perform due diligence, contract review, and
ongoing security assessments of vendors as part of Vendor and Third-Party
Risk Management processes.
Preferred Experience & Skills:
- Certifications in data protection or privacy (e.g.,
CIPP, CIPT, GDPR principles)
- Master’s degree in Computer Science, Information
Security, Data Protection Law, or related disciplines Proficiency in
SQL
- Ability to work with multi-lingual data sets,
specifically knowledge of Spanish, Arabic, Russian, or Pashto
How To Apply