Data Privacy Director
Overview:
AIR is seeking a Data Privacy Director to join its Information Security Office (ISO) team, which is part of the Information Technology group. The Data Privacy Director at AIR will be at the forefront of safeguarding the organization's data privacy and protection. This critical and strategic role involves developing and implementing robust privacy policies, ensuring compliance with various regulations and best practices, and monitoring internal data practices. This position reports to the Head of Information Security and also provides direct access to senior leadership to discuss privacy concerns and risks.
In this role, you'll address data privacy issues throughout pre-award, post-award, and grantmaking processes. As the primary contact for data privacy matters, you'll collaborate with teams such as Legal, Compliance, Information Technology (IT), Human Resources (HR), Corporate Finance, and Program staff to develop and implement policies, ensuring alignment with shared organizational goals and driving positive business outcomes.
This role offers a unique chance to lead and shape AIR's global data privacy landscape, ensuring world-class data protection and compliance. If you are ready to make a significant impact and excel in a fast-paced environment, this role is for you.
This position has the flexibility to work remote from anywhere in the United States or from any of AIR's U.S. office locations. This does not include U.S. territories.
About AIR:
Established in 1946, with headquarters in Arlington, Virginia, AIR is a nonpartisan, not-for-profit organization that conducts behavioral and social science research and delivers technical assistance to solve some of the most urgent challenges in the U.S. and around the world. We advance evidence in the areas of education, health, the workforce, human services, and international development to create a better, more equitable world.
AIR’s commitment to diversity goes beyond legal compliance to its full integration in our strategy, operations, and work environment. At AIR, we define diversity broadly, considering everyone’s unique life and community experiences. We believe that embracing diverse perspectives, abilities/disabilities, racial/ethnic and cultural backgrounds, styles, ages, genders, gender identities and expressions, education backgrounds, and life stories drives innovation and employee engagement. Learn more about AIR's Diversity, Equity, and Inclusion Strategy and hear from our staff by clicking here.
Responsibilities:
Essential job functions include but are not limited to:
- Establish and Maintain Data Privacy Framework:
- Build a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and procedures to ensure consistent and effective privacy practices.
- Collaborate with key internal collaborators to establish governance for the privacy program and implement measures to manage data use in compliance with the General Data Protection Regulation (GDPR) and other relevant laws.
- Monitor legal and regulatory developments at all levels, especially for government contractors and GDPR requirements in foreign jurisdictions where AIR operates and recommend updates to policies and procedures accordingly.
- Uphold the highest standards of ethical behavior and integrity in all privacy-related matters, with meticulous attention to detail in managing privacy policies, procedures, and compliance requirements.
- Develop and Implement Data Privacy Policies and Procedures:
- Create, implement, and monitor privacy policies and procedures to align with data security policies, while integrating privacy risks into the organization's overall risk management strategy.
- Train staff on data protection protocols, conduct impact assessments, and perform internal risk reviews.
- Primary Point of Contact for Data Privacy:
- Serve as the Data Protection Officer under GDPR when required and liaise with Supervisory Authorities on data protection matters.
- Handle data subject access requests in compliance with relevant laws and advise on Data Protection Impact Assessments (DPIAs).
- Coordinate incident response activities to breaches affecting data subjects, including notification processes, and collaborate with the Cyber Security Incident Response Team (CSIRT).
- Management of Data Privacy Risks:
- Conduct data privacy risk assessments and audits while monitoring compliance with data protection laws and regulations.
- Identify and manage risks associated with data collection, processing, and storage, and implement mitigations.
- Collaborate and partner with teams such as Information Security, IT, Contracts and Grants, Legal, Corporate Finance, HR, and Program staff to maintain compliance and address data privacy issues.
- Advise on meeting data privacy laws during business development and delivery processes, develop and deliver privacy training across business functions, and actively participate in the Data Governance Council.
- Identify, implement, and lead best practices, with a strong focus on change management, while adeptly navigating and adapting to the rapidly evolving landscape of data privacy regulations and technologies.
Education, Knowledge, and Experience:
- Bachelor’s degree required; advanced degree (e.g., JD, MBA, or Master’s in a related field) preferred.
- At minimum, one of the following certifications: Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional/Europe (CIPP/E), or Certified Information Privacy Professional/United States (CIPP/US).
- At least 12 years of relevant experience, with a minimum of 5-8 years of experience in handling data privacy for organizations that collect large volumes of data.
- Experience with process mapping and supporting data privacy impact assessments.
- Extensive knowledge of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).
- Familiarity with privacy regulations such as the Family Educational Rights and Privacy Act (FERPA), Children's Online Privacy Protection Act (COPPA), and various state-level privacy laws.
Skills:
- Effective and persuasive communicator continually demonstrating sensitivity to diversity, equity, and inclusion with cultural and linguistic competence.
- Ability to clearly articulate complex privacy concepts to diverse audiences, including executives, employees, and external collaborators.
- Exhibit accurate judgment in leading initiatives, engaging others and prioritizing tasks effectively.
- Demonstrated excellence in functional, analytical, critical thinking, and problem-solving abilities, combined with strong project management and organizational skills.
- Proven collaboration skills, both independently and as a leader, with a strategic focus on consistently meeting established timelines while effectively prioritizing multiple objectives and projects.
- Leverage extensive experience and sound judgment to interact productively with internal and external collaborators, identifying and resolving risks and performance issues effectively.
- Proficient in utilizing standard Microsoft 365 tools, including OneDrive, SharePoint, Excel, Word, and Adobe Acrobat Pro.
Disclosures:
This position is open to U.S. citizens only. Upon hire, incumbent will be required to obtain clearance through the Electronic Questionnaires for Investigations Processing (e-QIP) system.
Applicants must be currently authorized to work in the U.S. on a full-time basis. Employment-based visa sponsorship (including H-1B sponsorship) is not available for this position. Depending on project work, qualified candidates may need to meet certain residency requirements.
All qualified applicants will receive consideration for employment without discrimination on the basis of age, race, color, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability.
AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo reference and background checks.
AIR maintains a drug-free work environment.
Fraudulent Job Scams Warning & Disclaimer:
AIR is aware of individuals falsely presenting themselves as AIR representatives. Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself, please be aware that AIR recruitment will only email you from an “@air.org” domain. Please take extra caution while examining the email address, for example jdoe@air.org is correct and jdoe@aircareers.org is not a legitimate AIR email address. If you are unsure of the legitimacy of a communication you have received, please reach out to recruitment@air.org.
If you see a job scam, or lose money to one, report it to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. You can also report it to your state attorney general. Find out more about how to avoid scams at ftc.gov/scams.
#LI-AS1 #LI-Remote #LI-Hybrid
AIR’s Total Rewards Program, is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers the anticipated annual salary as listed. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States.
Anticipated Annual Salary Range
$179,000 - $187,000 USD
Apply for this job
*
indicates a required field