Director, Data Security & Compliance


Job Overview

Remote Data Security Director: United States

About DataKind

DataKind believes data science and AI can transform our future. Indeed, since 2012, we have designed scalable, data-driven tools. Specifically, these tools address global challenges in areas like health, humanitarian action, climate, and education. Therefore, we act as both a product innovator and movement catalyst in the social sector. Ultimately, our work empowers organizations to harness data science and AI, always prioritizing communities.


 

The Opportunity: Leading as Remote Data Security Director

DataKind is seeking a Remote Data Security Director. This is a unique opportunity to expand a critical function that directly protects vulnerable populations and enables responsible scaling for our mission-driven educational products. The data security and compliance frameworks you implement will be foundational: they will ensure that our organization can deliver life-changing educational tools while maintaining the highest standards of data protection.

Reporting to the Vice President, Technology, this Remote Data Security Director role develops and implements a comprehensive data security strategy for DataKind. This particularly focuses on our enterprise education and communities platforms and products. In this critical position, you will establish and oversee DataKind’s ISO27001 implementation. This, in turn, protects sensitive student data. It also ensures compliance with regulations like FERPA, GDPR, SOC2, and other relevant standards. As our organization grows, you will build our data security and compliance function from the ground up. Thus, this lays the groundwork for future expansion as our products scale.

For a data security professional seeking meaningful impact, this role offers a significant chance to apply specialized expertise in a mission-focused environment. Your work directly safeguards student data and enables educational access. You will help lead data security strategy and work with a passionate team that commits to making a difference through technology.


Location & Compensation for Remote Data Security Director

 

This is a remote position available anywhere in the U.S. Typically, working hours fall between 8 am and 6 pm Eastern Time.

The salary range is $150,000 – $170,000 annually. The actual salary within this range depends on the candidate’s experience and on an internal salary equity scan of active employees with similar roles and experience.

 

Core Responsibilities: Driving Security & Compliance

Data Security Implementation & Strategy

  • Finalize and execute a comprehensive data security strategy. This strategy aligns with organizational goals, grant deliverables, and product roadmaps.
  • Design, implement, and maintain data security infrastructure, policies, controls, and procedures across all product environments.
  • Create and manage security protocols. This includes, for instance, data access control, encryption, and data loss prevention.
  • Conduct regular data security assessments, vulnerability testing, and risk evaluations.
  • Implement data breach response procedures and lead incident investigations when necessary.

 

Compliance Management & Oversight

  • Set up the organization’s ISO27001 implementation in preparation for a SOC2 audit.
  • Ensure organizational adherence to education data privacy regulations, including FERPA and GDPR.
  • Establish data governance policies. These policies protect student information while enabling product functionality.
  • Monitor regulatory changes and update data security practices accordingly.
  • Maintain documentation needed for compliance verification and audits.
  • Build external partnerships with data security vendors and compliance consultants to extend capabilities.

 

Cross-Functional Leadership & Education

 

  • Partner with engineering and product teams. This integrates data security considerations into the development lifecycle.
  • Work closely with the Senior Director, Engineering. This aligns data privacy requirements with technical initiatives.
  • Collaborate with Education Partnerships and Customer Success team members. This addresses data security concerns from educational institutions and users.
  • Advise executive leadership on data risk management and resource allocation.
  • Educate staff across the organization on data protection best practices and compliance requirements.
  • Create a scalable data security and compliance function. Ultimately, this can grow with organizational needs.

 

Education-Specific Data Protection Protocols

 

  • Develop specialized protocols for protecting student data in educational contexts.
  • Enable secure data sharing in compliance with educational privacy requirements.
  • Implement age-appropriate data security measures for student-facing applications.
  • Build security systems that accommodate the unique data handling needs of educational environments.

 

Grant Management & Strategic Milestones

 

  • Align data security planning and resource allocation with grant commitments and milestone requirements.
  • Make strategic decisions. These decisions prioritize security initiatives that fulfill grant obligations while advancing protection goals.
  • Establish tracking systems. These systems monitor compliance progress against grant milestones and deliverables.
  • Work with leadership. This involves preparing data security components of grant reports and future funding proposals.
  • Balance innovation with disciplined execution. This balance is required to meet grant-specified security outcomes.

 

Qualifications: Your Expertise as a Data Security Leader

 

 

Required Skills & Experience

 

  • Aligns with and demonstrates enthusiasm for DataKind’s mission and values.
  • Possesses 8+ years of experience in data security and privacy, with at least 3 years focused on compliance and regulatory requirements.
  • Has demonstrated experience with education-specific privacy regulations, particularly FERPA.
  • Shows experience directly implementing ISO27001 or similar data security frameworks in cloud-based software environments.
  • Has experience with SOC2 audit processes.
  • Understands security requirements for products handling sensitive student information.
  • Applies networking engineering skills to set up, maintain, and document technical security infrastructure.
  • Holds knowledge of secure data handling practices and the ability to guide engineering teams.
  • Possesses strong project management skills to handle multiple data security initiatives simultaneously.
  • Holds a Bachelor’s degree in Computer Science, Information Security, Data Management, or a related field.

 

Preferred Qualifications & Certifications

 

  • Has demonstrated experience guiding staff through implementing new security requirements. This includes, for example, developing training materials, providing hands-on support, and ensuring consistent adoption of updated policies and procedures.
  • Has a background in educational technology or working with educational institutions.
  • Possesses knowledge of COPPA, PPRA, TX-RAMP, state-specific student privacy laws, and other education regulations.
  • Holds certifications such as CIPM, CIPP/E, CISSP, CISM, or equivalent.
  • Shows experience building data security and compliance functions from scratch in growing organizations.
  • Is familiar with data security automation tools and processes.
  • Has a working knowledge of GDPR and other international data protection standards.
  • Holds a Master’s degree in Cybersecurity, Data Privacy, Information Assurance, or a related field.

 

Why Work with DataKind

 

At DataKind, we believe that people are the most important asset for delivering on our mission. Therefore, as a people-first remote organization, we offer the following for all employees:

  • Flexibility and Time Off: Enjoy genuine flexibility beyond adjustable hours. Indeed, we build in shared time off, organization-wide recharge days, bi-weekly meeting-free days, and flexible PTO (with a minimum of 20 vacation days encouraged annually).
  • Comprehensive Wellness Support: We care for your total well-being. This includes 100% employer-paid medical, vision, and dental benefits for employees (72% for dependents). Furthermore, we offer a wellness reimbursement program for your activities and purchases, plus 12 weeks of paid parental leave.
  • A Culture of Growth: Every team member receives professional development funding each year. This comes alongside mentorship and advancement opportunities. Moreover, we invest in your future with a 401(k) plan with 5% employer matching.
  • Meaningful Connection: Despite being distributed across time zones, we value coming together in person. This happens for conferences, strategic planning, and our annual staff retreat.
  • Living Our Values: DataKind commits to a diverse, equitable, and inclusive work environment. This is evident in our daily work and via special initiatives driven by our DEI Steering Committee.

 

Encouraging Applicants of All Backgrounds

 

We encourage people from all backgrounds to apply. This especially includes people of color, people with disabilities, veterans, and members of the LGBTQ+ community.

DataKind is an equal opportunity employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status, genetic information, pregnancy, or any other category/characteristics protected by law. Regardless of one’s background, all roles must value and advocate for inclusion and equity.

Applicants must have a U.S.-based permanent address. They must also be currently authorized to work in the United States on a full-time basis indefinitely without employer visa sponsorship.

Apply now: https://unjobs.org/vacancies/1752946258469


 

Frequently Asked Questions (FAQs) for the Remote Data Security Director

 

Q1: What is the primary focus of the Remote Data Security Director role? A1: This role primarily focuses on developing and implementing a comprehensive data security strategy for DataKind. It particularly emphasizes protecting sensitive student data, ensuring compliance with regulations like FERPA, GDPR, and SOC2, and building the organization’s data security function from the ground up.

Q2: Is this a remote position, and are there any location restrictions? A2: Yes, this is a fully remote position that can be based anywhere in the United States. Candidates must have a U.S.-based permanent address and be authorized to work in the U.S. indefinitely without visa sponsorship.

Q3: What level of experience and specific qualifications does DataKind require for this Director role? A3: DataKind requires 8+ years of experience in data security and privacy, with at least 3 years focused on compliance. Candidates must have demonstrated experience with FERPA, ISO27001 implementation, and SOC2 audit processes, along with networking engineering skills and a Bachelor’s degree in a relevant field.

Q4: What is the salary range for this Remote Data Security Director position? A4: The annual salary range for the Remote Data Security Director role is $150,000 – $170,000. The exact salary within this range depends on the candidate’s experience and an internal equity review.

Q5: How does this role contribute to DataKind’s mission? A5: This role is critical to DataKind’s mission by directly protecting vulnerable populations and enabling the responsible scaling of their educational products. Ultimately, your work safeguards sensitive student data, ensuring that life-changing educational tools can be delivered while maintaining the highest data protection standards.
