Data Protection & Privacy Technologist at Mercy Corps

The Position 

• As the Data Protection and Privacy Technologist, your primary mission would be to: 
  • act as system owner for our two primary data protection platforms (OneTrust, and Proofpoint) with an emphasis on configuring user roles and establishing workflows.
  • Partner in developing solutions to improve the use of technology at Mercy Corps to ensure the highest standards of data protection and privacy.
  • play an active role in developing data protection and privacy throughout the organization. We are looking for a skilled technologist with an entrepreneurial spirit who wants to help our team grow and define their role.
  • contribute to compliance frameworks such as CIS or Microsoft Purview and make appropriate enhancements or troubleshoot technical issues as needed.
• As a member of DPP, you will help the team think strategically about the roles that technology can play in making data protection and privacy actions easier for staff including leveraging the potential of Microsoft tools such as PowerApps to facilitate responsible data practices for country teams.

Essential Responsibilities 

• Act as system owner for OneTrust, Proofpoint, and contribute to compliance frameworks in M365. 
• Maintain DPP’s PowerBI dashboard and help create new dashboard products to help prioritize DPP’s work.
• Develop, implement, and maintain data protection-related policies, procedures and associated training plans for a range of software (examples include Ona, Commcare, PowerBI, and messaging apps).
• Serve as a subject matter expert and provide internal consulting to teams who are building their own technical workflows or bespoke applications. 
• Perform privacy impact assessments on new technologies.
• Provide direction and guidance for implementation of best practices as they pertain to data protection and privacy technology.
• Analyze Data Protection and Privacy needs of the organization, particularly at the regional level, and identify opportunities for improvement. 
• Provide stakeholders with accurate, timely and relevant information to enable informed decisions.
• Lead or co-lead regional working group meetings, trainings and other calls with DPP.
• Create or co-create responsible data program materials, documentation and templates.

Minimum Qualification & Transferable Skills 

• Bachelor's degree in a related field (Information Security, Computer Science, Law, Cybersecurity or equivalent)
• 4+ years of project management, stakeholder management, and business analysis in IT, compliance, cybersecurity, or related field.
• 3+ years of demonstrated experience with data protection, privacy or responsible data activities, or data management, preferably with a compliance focus or in a humanitarian context.
• Experience with digital security awareness topics and best practices and/or implementing regulations such as GDPR, NDPR, CCPA, HIPAA or frameworks such as NIST, ISO, etc.
• Experience working in a diverse global organization. Humanitarian experience is preferred
• Experience creating and maintaining dashboards in Power BI is preferred.
• IAPP certification or similar is preferred. 
• Experience with GSuite (Google) and Microsoft 365 is preferred.
• Fluency in English is required. Fluency in Spanish, Arabic, or Asian languages is strongly preferred.
• Effective written and oral communication and the ability to present technical material to a wide variety of audiences, including non-technical audiences. 
• Be able to run working groups and meetings in an entirely online environment. As a remote team, the ability to connect online and build consensus with each other and with stakeholders to help drive change is critical. 
• Be detailed oriented and well organized.
• Prioritize communication, collaboration, and teamwork. 

What makes an ideal candidate?

• Our work spans the domains of technology, legal, compliance, and training: everybody on the team contributes something unique. We are looking for self-motivated people who prioritize collaboration and who are willing to take on new challenges. You may not have in-depth experience in every single thing on our list, but you are willing to learn and can make a clear case for how your experience is a good fit and provide examples of successfully taking on new technical or compliance challenges. This is a growth position, and we want to invest in someone who can contribute to humanitarian data protection over the long-term. Examples of our current projects include Mercy Corps’ Responsible Data Toolkit or the Data Protection and Privacy Guides. 
• Other helpful skills include successful project management experience and the ability to manage multiple projects simultaneously. A strong background in IT management and privacy; demonstrated experience applying security or privacy practices to ICT4D programs or data analysis pipelines.