Data Protection Officer

The remote and pioneering nature of this project requires a Data Protection Officer who is able to create and enforce data protection policies, negotiate data sharing and protection agreements with partner organizations, and provide technical recommendations and user stories to product development team within the Signpost technology team to ensure actionable compliance to regulation. Signpost, a rapidly scaling community-led information service that uses technology to support clients in times of crisis, has built a system in Zendesk will equip VR&P case staff with digital tools, channels and social media. This role will begin with an assessment of the current state of data protection within Signpost’s digital infrastructure, develop policy for VR&P that is modular to the global program, and onboard new partner organizations to systems in compliant ways. This role will need to embed with technology development and product teams to ensure policies are being executed in development, offer suggested development interventions, and work alongside product management staff to design new data protection builds. While the candidate should have familiarity with data protection regulation in the United States and Europe, we will prioritize candidates with technical competency. This staff member will engage stakeholders within the 15 person technology team, IRC HQ Data and Data Protection leadership, and VR&P partner networks. 

 Major Responsibilities:  

Technical Collaboration and Compliance (30%)

• Work closely with the Signpost technology and product development teams to embed data protection principles into the design and build of new features and tools.
• Provide technical guidance and recommendations to ensure that development efforts align with data protection policies and regulations.
• Facilitate the integration of data protection considerations into the product development lifecycle, from planning to deployment.
• Collaborate with technology team to implement risk mitigation measures.
• Quality assurance of data anonymization and Routine review and audit of data security practices across all major platforms and data sources used by Signpost, including Meta Business
• Suite, Zendesk Support, Azure SQL Server and Database, Azure Synapse, Azure Databricks,
• MySQL database, Google accounts, Google Analytics, among others. Regularly review account access & control for such platforms.
• o Audit user segmentation, account management, and data loss prevention implementation in Zendesk with Product support team

Data Protection and Policy Development (30%)

• Conduct Data Protection Impact Assessments to identify potential vulnerabilities and threats to state data and systems and develop appropriate strategies and implement necessary controls to mitigate identified risk. Lead the creation and implementation of comprehensive data protection policies tailored to the needs of the VR&P program and the Signpost-built technology architecture, ensuring alignment with global standards.
• Collaborate with partner organizations to establish and negotiate data sharing and protection agreements that safeguard client information and comply with US regulations and PRM standards.
• Regularly assess the data protection landscape of the Signpost system, identifying areas for improvement and developing strategic solutions.

Data Protection Compliance (20%) o Collaborate with IRC procurement and legal about Vendor and Third-Party Risk Management to perform due diligence, contract review, and ongoing security assessment of vendors. 

• Engage with General Counsel on service or business contracts under which personal data processing activities are performed.
• Support management of any personal data breach if affecting clients under the control of CDPO.

Stakeholder Engagement and Training (10%) o Engage with various stakeholders, including IRC’s technology team, Data and Data Protection leadership, and external partners, to advocate for and ensure adherence to data protection standards. 

• Train technical and non-technical staff on principles, regulations, and practical implementation of Data Protection.
• Audit caseworker processes to ensure security of client data.

Strategic Planning and Implementation (10%) o Contribute to the strategic planning of Signpost’s technology roadmap with a focus on enhancing data protection and security features. 

• Support the Product Lead and Product Manager in prioritizing and managing development tasks, ensuring that data protection is a key consideration in all project decisions.
• Review for appropriateness any service or business contracts under which personal data processing activities are performed.

 Work / Educational Experience: 

• Knowledge of the data protection and security policies of companies such as Meta and Google Analytics
• 3-7 years of experience in data protection, cybersecurity, or a related field, with a strong emphasis on creating and implementing data protection policies and negotiating data sharing agreements.
• Experience in technical project management or product development within a technology-driven environment, preferably with a focus on service models that support clients in crisis situations.
• Familiarity with conducting Data Protection Impact Assessments
• Strong technical knowledge of managing data protection within digital/cloud environments and best practices for data security, such as within Azure Synapse and Databricks.
• Bachelor’s degree in Computer Science, Information Security, Data Protection Law, or related disciplines

Source: https://careers.rescue.org/us/en/job/req52374/Data-Protection-Officer