Director, Data Security & Compliance

Responsibilities

Data Security Implementation

• Finalize and execute a comprehensive data security strategy aligned with organizational goals, grant deliverables, and product roadmaps.
• Design, implement and maintain data security infrastructure, policies, controls, and procedures across all product environments.
• Create and manage security protocols including data access control, encryption, and data loss prevention.
• Conduct regular data security assessments, vulnerability testing, and risk evaluations.
• Implement data breach response procedures and lead incident investigations when necessary.

Compliance Management

• Set up organization’s implementation of ISO27001 in preparation for a SOC2 audit.
• Ensure organizational adherence to education data privacy regulations including FERPA and GDPR.
• Establish data governance policies that protect student information while enabling product functionality.
• Monitor regulatory changes and update data security practices accordingly.
• Maintain documentation needed for compliance verification and audits.
• Build external partnerships with data security vendors and compliance consultants to extend capabilities.

Cross-Functional Leadership

• Partner with engineering and product teams to integrate data security considerations into the development lifecycle.
• Work closely with the Senior Director, Engineering to align data privacy requirements with technical initiatives.
• Collaborate with Education Partnerships and Customer Success team members to address data security concerns from educational institutions and users.
• Advise executive leadership on data risk management and resource allocation.
• Educate staff across the organization on data protection best practices and compliance requirements.
• Create a scalable data security and compliance function that can grow with organizational needs.

Education-Specific Data Protection

• Develop specialized protocols for protecting student data in educational contexts.
• Enable secure data sharing in compliance with educational privacy requirements.
• Implement age-appropriate data security measures for student-facing applications.
• Build security systems that accommodate the unique data handling needs of educational environments.

Grant Management & Milestone Achievement

• Align data security planning and resource allocation with grant commitments and milestone requirements.
• Make strategic decisions to prioritize security initiatives that fulfill grant obligations while advancing protection goals.
• Establish KPIs and reporting frameworks for data security and compliance functions.
• Establish tracking systems to monitor compliance progress against grant milestones and deliverables.
• Work with leadership to prepare data security components of grant reports and future funding proposals.
• Balance innovation with the disciplined execution required to meet grant-specified security outcomes.

Skillset

• Alignment and enthusiasm for DataKind’s mission and values.
• 8+ years of experience in data security and privacy, with at least 3 years focused on compliance and regulatory requirements.
• Demonstrated experience with education-specific privacy regulations, particularly FERPA.
• Experience directly implementing ISO27001 or a similar data security frameworks in cloud-based software environments.
• Experience with SOC2 audit processes.
• Understanding of security requirements for products handling sensitive student information.
• Networking engineering skills to set up, maintain and document technical security infrastructure.
• Knowledge of secure data handling practices and ability to guide engineering teams.
• Strong project management skills to handle multiple data security initiatives simultaneously.
• Bachelor’s degree in Computer Science, Information Security, Data Management, or related field.