In A Nutshell
Develop and implement a comprehensive data security strategy for DataKind, focusing on our enterprise education and communities platforms and products.
Responsibilities
Data Security Implementation
- Finalize and execute a comprehensive data security strategy aligned with organizational goals, grant deliverables, and product roadmaps.
- Design, implement and maintain data security infrastructure, policies, controls, and procedures across all product environments.
- Create and manage security protocols including data access control, encryption, and data loss prevention.
- Conduct regular data security assessments, vulnerability testing, and risk evaluations.
- Implement data breach response procedures and lead incident investigations when necessary.
Compliance Management
- Set up the organization’s implementation of ISO27001 in preparation for a SOC2 audit.
- Ensure organizational adherence to education data privacy regulations including FERPA and GDPR.
- Establish data governance policies that protect student information while enabling product functionality.
- Monitor regulatory changes and update data security practices accordingly.
- Maintain documentation needed for compliance verification and audits.
- Build external partnerships with data security vendors and compliance consultants to extend capabilities.
Cross-Functional Leadership
- Partner with engineering and product teams to integrate data security considerations into the development lifecycle.
- Work closely with the Senior Director, Engineering to align data privacy requirements with technical initiatives.
- Collaborate with Education Partnerships and Customer Success team members to address data security concerns from educational institutions and users.
- Advise executive leadership on data risk management and resource allocation.
- Educate staff across the organization on data protection best practices and compliance requirements.
- Create a scalable data security and compliance function that can grow with organizational needs.
Education-Specific Data Protection
- Develop specialized protocols for protecting student data in educational contexts.
- Enable secure data sharing in compliance with educational privacy requirements.
- Implement age-appropriate data security measures for student-facing applications.
- Build security systems that accommodate the unique data handling needs of educational environments.
Grant Management & Milestone Achievement
- Align data security planning and resource allocation with grant commitments and milestone requirements.
- Make strategic decisions to prioritize security initiatives that fulfill grant obligations while advancing protection goals.
- Establish KPIs and reporting frameworks for data security and compliance functions.
- Establish tracking systems to monitor compliance progress against grant milestones and deliverables.
- Work with leadership to prepare data security components of grant reports and future funding proposals.
- Balance innovation with the disciplined execution required to meet grant-specified security outcomes.
Skillset
- Alignment and enthusiasm for DataKind’s mission and values.
- 8+ years of experience in data security and privacy, with at least 3 years focused on compliance and regulatory requirements.
- Demonstrated experience with education-specific privacy regulations, particularly FERPA.
- Experience directly implementing ISO27001 or a similar data security framework in cloud-based software environments.
- Experience with SOC2 audit processes.
- Understanding of security requirements for products handling sensitive student information.
- Network engineering skills to set up, maintain and document technical security infrastructure.
- Knowledge of secure data handling practices and ability to guide engineering teams.
- Strong project management skills to handle multiple data security initiatives simultaneously.
- Bachelor’s degree in Computer Science, Information Security, Data Management, or related field.