Data Protection & Privacy Technologist - US or UK

Mercy Corps is powered by the belief that a better world is possible. To do this, we know our teams do their best work when they are diverse and every team member feels that they belong. We welcome diverse backgrounds, perspectives, and skills so that we can be stronger and have long term impact.

About the Data Protection & Privacy Team
We are a proactive and forward-thinking unit who is taking humanitarian data protection and privacy to the next level of maturity and scalability. Data protection is people protection and the mission of the Data Protection and Privacy team (DPP) is to build capacity for implementing responsible data practices throughout Mercy Corps in support of our commitments to safeguarding, protecting, and “doing no harm.” Our primary objective is to provide policies, tools, and training to Mercy Corps staff so that they can manage risks to data that the organization is entrusted with and build trust with program participants, the communities in which Mercy Corps works, partners, and donors. We work closely with other IT staff including cybersecurity experts and system administrators as well as stakeholders in compliance and legal departments and our country offices around the globe.

DPP Core Values

• Diversity: DPP is composed of individuals with a range of lived and professional experience, which makes us better suited to working in a global context where differences in culture, regulatory environments, and priorities mean embracing difference while working towards common goals. We welcome applications from LGBTQIA+, BIPOC, and female identifying candidates as well as those who come from, or are located in, the countries in which Mercy Corps works.
• Commitment to safeguarding and the humanitarian principle of doing no harm.
• Ethical use of personally identifiable information that is collected, managed, or shared in the course of our work.
• Adaptability: we are committed to balancing the various needs of regional and country staff to improve data protection and privacy. We are committed to Mercy Corps’ localization agenda and make every effort to create practical, accessible, material to support our goals.
• Innovation and working with change-makers to test, co-create, and scale more effective responsible data solutions in an era of exponentially growing technology.

  The Position
  As the Data Protection and Privacy Technologist, your primary mission would be to:

  • act as system owner for our two primary data protection platforms (OneTrust, and Proofpoint) with an emphasis on configuring user roles and establishing workflows.
  • Partner in developing solutions to improve the use of technology at Mercy Corps to ensure the highest standards of data protection and privacy.
  • play an active role in developing data protection and privacy throughout the organization. We are looking for a skilled technologist with an entrepreneurial spirit who wants to help our team grow and define their role.
  • contribute to compliance frameworks such as CIS or Microsoft Purview and make appropriate enhancements or troubleshoot technical issues as needed.

    As a member of DPP, you will help the team think strategically about the roles that technology can play in making data protection and privacy actions easier for staff including leveraging the potential of Microsoft tools such as PowerApps to facilitate responsible data practices for country teams.

    Essential Responsibilities

    • Act as system owner for OneTrust, Proofpoint, and contribute to compliance frameworks in M365.
    • Maintain DPP’s PowerBI dashboard and help create new dashboard products to help prioritize DPP’s work.
    • Develop, implement, and maintain data protection-related policies, procedures and associated training plans for a range of software (examples include Ona, Commcare, PowerBI, and messaging apps).
    • Serve as a subject matter expert and provide internal consulting to teams who are building their own technical workflows or bespoke applications.
    • Perform privacy impact assessments on new technologies.
    • Provide direction and guidance for implementation of best practices as they pertain to data protection and privacy technology.
    • Analyze Data Protection and Privacy needs of the organization, particularly at the regional level, and identify opportunities for improvement.
    • Provide stakeholders with accurate, timely and relevant information to enable informed decisions.
    • Lead or co-lead regional working group meetings, trainings and other calls with DPP.
    • Create or co-create responsible data program materials, documentation and templates.

      Minimum Qualification & Transferable Skills

      • Bachelor's degree in a related field (Information Security, Computer Science, Law, Cybersecurity or equivalent)
      • 4+ years of project management, stakeholder management, and business analysis in IT, compliance, cybersecurity, or related field.
      • 3+ years of demonstrated experience with data protection, privacy or responsible data activities, or data management, preferably with a compliance focus or in a humanitarian context.
      • Experience with digital security awareness topics and best practices and/or implementing regulations such as GDPR, NDPR, CCPA, HIPAA or frameworks such as NIST, ISO, etc.
      • Experience working in a diverse global organization. Humanitarian experience is preferred
      • Experience creating and maintaining dashboards in Power BI is preferred.
      • IAPP certification or similar is preferred.
      • Experience with GSuite (Google) and Microsoft 365 is preferred.
      • Fluency in English is required. Fluency in Spanish, Arabic, or Asian languages is strongly preferred.
      • Effective written and oral communication and the ability to present technical material to a wide variety of audiences, including non-technical audiences.
      • Be able to run working groups and meetings in an entirely online environment. As a remote team, the ability to connect online and build consensus with each other and with stakeholders to help drive change is critical.
      • Be detailed oriented and well organized.
      • Prioritize communication, collaboration, and teamwork.

        What makes an ideal candidate?
        Our work spans the domains of technology, legal, compliance, and training: everybody on the team contributes something unique. We are looking for self-motivated people who prioritize collaboration and who are willing to take on new challenges. You may not have in-depth experience in every single thing on our list, but you are willing to learn and can make a clear case for how your experience is a good fit and provide examples of successfully taking on new technical or compliance challenges. This is a growth position, and we want to invest in someone who can contribute to humanitarian data protection over the long-term. Examples of our current projects include Mercy Corps’ Responsible Data Toolkit or the Data Protection and Privacy Guides.

        Other helpful skills include successful project management experience and the ability to manage multiple projects simultaneously. A strong background in IT management and privacy; demonstrated experience applying security or privacy practices to ICT4D programs or data analysis pipelines.
        
        Supervisory Responsibility: None
        
        Accountability:
        Reports Directly To: Director, Global Data Protection and Privacy
        
        Accountability to Participants and Stakeholders
        Mercy Corps team members are expected to support all efforts toward accountability, specifically to our program participants, community partners, other stakeholders, and to international standards guiding international relief and development work. We are committed to actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects.

        Success Factors
        Ability to work independently and collaboratively with multi-disciplinary teams. Ability to quickly understand the business issues and data challenges of the organization. Effective verbal and written communication skills. Ability to communicate business cases and build consensus. Ability to conceptualize and design new processes and identify how changes will impact current processes. Adept at proposing options for managing change in a cost-effective manner.

        Living Conditions / Environmental Conditions
        The position is 100% remote and does not need to be based near a Mercy Corps office, however you must reside in a country where Mercy Corps maintains an office. The position will support global stakeholders and will often require work outside of a traditional schedule to accommodate time zone differences. Preferred business hours: 7am - 4pm UTC.
        
        Ongoing Learning
        In support of our belief that learning organizations are more effective, efficient and relevant to the communities we serve, we empower all team members to dedicate 5% of their time to learning activities that further their personal and/or professional growth and development

        Diversity, Equity & Inclusion
        Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives. We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.

        Equal Employment Opportunity
        Mercy Corps is an equal opportunity employer that does not tolerate discrimination on any basis. We actively seek out diverse backgrounds, perspectives, and skills so that we can be collectively stronger and have sustained global impact.

        We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.

        Safeguarding & EthicsMercy Corps is committed to ensuring that all individuals we come into contact with through our work, whether team members, community members, program participants or others, are treated with respect and dignity. We are committed to the core principles regarding prevention of sexual exploitation and abuse laid out by the UN Secretary General and IASC. We will not tolerate child abuse, sexual exploitation, abuse, or harassment by or of our team members. As part of our commitment to a safe and inclusive work environment, team members are expected to conduct themselves in a professional manner, respect local laws and customs, and to adhere to Mercy Corps Code of Conduct Policies and values at all times. Team members are required to complete mandatory Code of Conduct elearning courses upon hire and on an annual basis.
        

        As a safeguarding measure, Mercy Corps screens all potential US-Based employees. This is done following the conclusion of recruitment and prior to assuming full employment.

        📚 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿 𝗛𝗼𝘄 𝘁𝗼 𝗚𝗲𝘁 𝗮 𝗝𝗼𝗯 𝗶𝗻 𝘁𝗵𝗲 𝗨𝗡 𝗶𝗻 𝟮𝟬𝟮𝟯! 🌍🤝 𝗥𝗲𝗮𝗱 𝗼𝘂𝗿 𝗡𝗘𝗪 𝗥𝗲𝗰𝗿𝘂𝗶𝘁𝗺𝗲𝗻𝘁 𝗚𝘂𝗶𝗱𝗲 𝘁𝗼 𝘁𝗵𝗲 𝗨𝗡 𝟮𝟬𝟮𝟯 𝘄𝗶𝘁𝗵 𝘁𝗲𝘀𝘁 𝘀𝗮𝗺𝗽𝗹𝗲𝘀 𝗳𝗼𝗿 𝗨𝗡𝗛𝗖𝗥, 𝗪𝗙𝗣, 𝗨𝗡𝗜𝗖𝗘𝗙, 𝗨𝗡𝗗𝗦𝗦, 𝗨𝗡𝗙𝗣𝗔, 𝗜𝗢𝗠 𝗮𝗻𝗱 𝗼𝘁𝗵𝗲𝗿𝘀! 🌐

        ⚠️ 𝐂𝐡𝐚𝐧𝐠𝐞 𝐘𝐨𝐮𝐫 𝐋𝐢𝐟𝐞 𝐍𝐨𝐰: 𝐏𝐨𝐰𝐞𝐫𝐟𝐮𝐥 𝐓𝐞𝐜𝐡𝐧𝐢𝐪𝐮𝐞𝐬 𝐡𝐨𝐰 𝐭𝐨 𝐠𝐞𝐭 𝐚 𝐣𝐨𝐛 𝐢𝐧 𝐭𝐡𝐞 𝐔𝐧𝐢𝐭𝐞𝐝 𝐍𝐚𝐭𝐢𝐨𝐧𝐬 𝐍𝐎𝐖!

        Our screening process is designed to be transparent and completed in partnership with new Team Members. You will have the opportunity to disclose any prior convictions at the conclusion of the recruitment process before the check is initiated. We ask that you do not disclose any prior convictions in your application materials or during the recruitment process.

        Covid-19 Vaccine Policy for US-Based Employees

        Mercy Corps has determined that, in an effort to protect the health, safety, and well-being of all Mercy Corps employees working in the United States, all U.S.-based employees must be fully vaccinated for COVID-19, regardless of prior COVID-19 infection status. This policy is necessary to ensure not only the safety of our workforce, but the ongoing functionality of the organization.

        This policy will be revised as needed to comply with federal, state, and local requirements, and to respond to changing guidance from public health authorities.

        For new employees this requirement goes into effect within 10 business days of employment. Team members that travel are expected to comply with host-country requirements, including vaccinations. Failure to comply may impact your employment. Proof of vaccination or exemption must be provided.