Data Protection Officer

July 8, 2024

Apply for this job

Deadline date:

Job Description

ob Description/Requirements

Requisition ID:  req52505

Job Title:  Data Protection Officer

Sector:  Operations

Employment Category:  Fixed Term

Employment Type:  Full-Time

Compensation:  GBP 40, – 58, Annually

Location:  Nairobi, IHUB, Kenya

Work Arrangement: Fully Remote

Job Description

Background/IRC Summary: From March 2022 – March 2023, the International Rescue Committee launched and implemented a first-of-its-kind service model for the resettlement of 556 Afghan Humanitarian Parolees (AHPs) who arrived through Operation Allies Welcome. Via a comprehensive and personalized virtual case management model, the Virtual Afghan Placement and Assistance (VAPA) program provided per capita direct assistance, client-led case management, and resources and referrals for the successful resettlement of these new arrivals. Building off of this award-winning program, the IRC now implements the Virtual Reception & Placement (VR&P) program for Special Immigrant Visa (SIV) holders, the Virtual Resettlement Line for humanitarian parolees, and the Welcome Corps Support Line for private sponsor groups welcoming newcomers through the Welcome Corps. Using the model developed during VAPA and further advanced for the current iteration of the VR&P program, the International Rescue Committee (IRC) aims to meet the ambitious goal of receiving and resettling up to 10,000 individuals in FY24 from the Western Hemisphere and Operation Enduring Welcome platforms. This project will include coordinating steps overseas, partnering with a variety of stakeholders across the United States, and effectively establishing relationships in a virtual setting.

Job Overview/Summary:  The remote and pioneering nature of this project requires a Data Protection Officer who is able to create and enforce data protection policies, negotiate data sharing and protection agreements with partner organizations, and provide technical recommendations and user stories to product development team within the Signpost technology team to ensure actionable compliance to regulation. Signpost, a rapidly scaling community-led information service that uses technology to support clients in times of crisis, has built a system in Zendesk will equip VR&P case staff with digital tools, channels and social media. This role will begin with an assessment of the current state of data protection within Signpost’s digital infrastructure, develop policy for VR&P that is modular to the global program, and onboard new partner organizations to systems in compliant ways. This role will need to embed with technology development and product teams to ensure policies are being executed in development, offer suggested development interventions, and work alongside product management staff to design new data protection builds. While the candidate should have familiarity with data protection regulation in the United States and Europe, we will prioritize candidates with technical competency. This staff member will engage stakeholders within the 15 person technology team, IRC HQ Data and Data Protection leadership, and VR&P partner networks.  Major Responsibilities: •Technical Collaboration and Compliance (30%)
o Work closely with the Signpost technology and product development teams to embed data protection principles into the design and build of new features and tools. oProvide technical guidance and recommendations to ensure that development efforts align with data protection policies and regulations. oFacilitate the integration of data protection considerations into the product development lifecycle, from planning to deployment. oCollaborate with technology team to implement risk mitigation measures. oQuality assurance of data anonymization and Routine review and audit of data security practices across all major platforms and data sources used by Signpost, including Meta Business Suite, Zendesk Support, Azure SQL Server and Database, Azure Synapse, Azure Databricks, MySQL database, Google accounts, Google Analytics, among others. Regularly review account access & control for such platforms. oAudit user segmentation, account management, and data loss prevention implementation in Zendesk with Product support team 
•Data Protection and Policy Development (30%)
o Conduct Data Protection Impact Assessments to identify potential vulnerabilities and threats to state data and systems and develop appropriate strategies and implement necessary controls to mitigate identified risk. Lead the creation and implementation of comprehensive data protection policies tailored to the needs of the VR&P program and the Signpost-built technology architecture, ensuring alignment with global standards. oCollaborate with partner organizations to establish and negotiate data sharing and protection agreements that safeguard client information and comply with US regulations and PRM standards. oRegularly assess the data protection landscape of the Signpost system, identifying areas for improvement and developing strategic solutions.
•Data Protection Compliance (20%) o Collaborate with IRC procurement and legal about Vendor and Third-Party Risk Management to perform due diligence, contract review, and ongoing security assessment of vendors. oEngage with General Counsel on service or business contracts under which personal data processing activities are performed. oSupport management of any personal data breach if affecting clients under the control of CDPO. 
•Stakeholder Engagement and Training (10%) o Engage with various stakeholders, including IRC’s technology team, Data and Data Protection leadership, and external partners, to advocate for and ensure adherence to data protection standards. oTrain technical and non-technical staff on principles, regulations, and practical implementation of Data Protection. oAudit caseworker processes to ensure security of client data. 
•Strategic Planning and Implementation (10%) o Contribute to the strategic planning of Signpost’s technology roadmap with a focus on enhancing data protection and security features. oSupport the Product Lead and Product Manager in prioritizing and managing development tasks, ensuring that data protection is a key consideration in all project decisions. Review for appropriateness any service or business contracts under which personal data processing activities are performed. 

Work / Educational Experience:  •Knowledge of the data protection and security policies of companies such as Meta and Google Analytics •3-7 years of experience in data protection, cybersecurity, or a related field, with a strong emphasis on creating and implementing data protection policies and negotiating data sharing agreements. •Experience in technical project management or product development within a technology-driven environment, preferably with a focus on service models that support clients in crisis situations. •Familiarity with conducting Data Protection Impact Assessments •Strong technical knowledge of managing data protection within digital/cloud environments and best practices for data security, such as within Azure Synapse and Databricks. •Bachelor’s degree in Computer Science, Information Security, Data Protection Law, or related disciplines 

Required Skills and Competencies:  •Advanced knowledge in administering and securing CRM systems like Zendesk, with an understanding of user segmentation, account management, and data loss prevention techniques. •Working and implementing data security measures within cloud environments, including best practices for secure data processing and creating data anonymization within data pipelines. •Proficiency in Python or similar programming language •Experience in risk mitigation and implementing data protection measures within product development lifecycles, ensuring compliance with regulations and standards. •Strong collaboration skills to work with cross-functional teams, including technology, legal, procurement, and product management, to embed data protection principles into all aspects of project and product development. •Excellent communication skills for training technical and non-technical staff on data protection principles, regulations, and practical implementation strategies. •Ability to train staff of varied technical abilities on principles of Data Protection •Ability to perform due diligence, contract review, and ongoing security assessments of vendors as part of Vendor and Third-Party Risk Management processes.

 Preferred Experience & Skills:  •Certifications in data protection or privacy (, CIPP, CIPT, GDPR principles) •Master’s degree in Computer Science, Information Security, Data Protection Law, or related disciplines • Proficiency in SQL •Ability to work with multi-lingual data sets, specifically knowledge of Spanish, Arabic, Russian, or Pashto

 Working Environment: •Remote Compensation: Posted pay ranges apply to UK-based candidates. Ranges are based on various factors including the labor market, job type, internal equity, and budget. Exact offers are calibrated by work location, individual candidate experience and skills relative to the defined job requirements. #LI-FC1#LI-REMOTE