Director, Data Security & Compliance (Remote)

DataKind is looking for a Director, Data Security & Compliance!

DataKind is seeking a Director, Data Security and Compliance! This is a unique opportunity to expand a critical function that directly protects vulnerable populations and enables our mission-driven educational products to scale responsibly. The data security and compliance frameworks you implement will be foundational to our organization's ability to deliver life-changing educational tools while maintaining the highest standards of data protection. 

About the Opportunity

Reporting to the Vice President, Technology, this role will develop and implement a comprehensive data security strategy for DataKind, focusing on our enterprise education and communities platforms and products. In this critical role, you'll establish and oversee DataKind’s implementation of IS27001 to protect sensitive student data while ensuring compliance with regulations including FERPA, GDPR, SOC2, and other relevant standards. As our organization grows, you'll build our Data Security and Compliance from the ground up, creating and laying the groundwork for future expansion as our products scale.

For a data security professional seeking meaningful impact, this role offers the chance to apply specialized expertise in a mission-focused environment where your work directly safeguards student data and enables educational access. You will help lead data security strategy while working with a passionate team committed to making a difference through technology.

Location

Remote position available anywhere in the U.S. with working hours primarily between 8am-6pm Eastern Time.

Salary Range

The salary range is $150,000 - $170,000.

Actual salary within this range will be based on the candidate’s experience and an internal salary equity scan of active employee(s) with similar roles and experience. 

Core Responsibilities:

Data Security Implementation

• Finalize and execute a comprehensive data security strategy aligned with organizational goals, grant deliverables, and product roadmaps
• Design, implement and maintain data security infrastructure, policies, controls, and procedures across all product environments
• Create and manage security protocols including data access control, encryption, and data loss prevention
• Conduct regular data security assessments, vulnerability testing, and risk evaluations
• Implement data breach response procedures and lead incident investigations when necessary

Compliance Management

• Set up organization’s implementation of ISO27001 in preparation for a SOC2 audit 
• Ensure organizational adherence to education data privacy regulations including FERPA and GDPR
• Establish data governance policies that protect student information while enabling product functionality
• Monitor regulatory changes and update data security practices accordingly
• Maintain documentation needed for compliance verification and audits
• Build external partnerships with data security vendors and compliance consultants to extend capabilities

Cross-Functional Leadership

• Partner with engineering and product teams to integrate data security considerations into the development lifecycle
• Work closely with the Senior Director, Engineering to align data privacy requirements with technical initiatives
• Collaborate with Education Partnerships and Customer Success team members to address data security concerns from educational institutions and users
• Advise executive leadership on data risk management and resource allocation
• Educate staff across the organization on data protection best practices and compliance requirements
• Create a scalable data security and compliance function that can grow with organizational needs

Education-Specific Data Protection

• Develop specialized protocols for protecting student data in educational contexts
• Enable secure data sharing in compliance with educational privacy requirements
• Implement age-appropriate data security measures for student-facing applications
• Build security systems that accommodate the unique data handling needs of educational environments

Grant Management & Milestone Achievement

• Align data security planning and resource allocation with grant commitments and milestone requirements
• Make strategic decisions to prioritize security initiatives that fulfill grant obligations while advancing protection goals
• Establish KPIs and reporting frameworks for data security and compliance functions
• Establish tracking systems to monitor compliance progress against grant milestones and deliverables
• Work with leadership to prepare data security components of grant reports and future funding proposals
• Balance innovation with the disciplined execution required to meet grant-specified security outcomes

Qualifications 

Required

• Alignment and enthusiasm for DataKind’s mission and values
• 8+ years of experience in data security and privacy, with at least 3 years focused on compliance and regulatory requirements
• Demonstrated experience with education-specific privacy regulations, particularly FERPA
• Experience directly implementing ISO27001 or a similar data security frameworks in cloud-based software environments
• Experience with SOC2 audit processes
• Understanding of security requirements for products handling sensitive student information
• Networking engineering skills to set up, maintain and document technical security infrastructure 
• Knowledge of secure data handling practices and ability to guide engineering teams
• Strong project management skills to handle multiple data security initiatives simultaneously
• Bachelor's degree in Computer Science, Information Security, Data Management, or related field

Preferred

• Demonstrated experience guiding staff through the implementation of new security requirements, including developing training materials, providing hands-on support, and ensuring consistent adoption of updated policies and procedures.
• Background in educational technology or working with educational institutions
• Knowledge of COPPA, PPRA, TX-RAMP, state-specific student privacy laws, and other education regulations
• Certifications such as CIPM, CIPP/E, CISSP, CISM, or equivalent
• Experience building data security and compliance functions from scratch in growing organizations
• Familiarity with data security automation tools and processes
• Working knowledge of GDPR and other international data protection standards
• Master's degree in Cybersecurity, Data Privacy, Information Assurance, or related field

About DataKind

At DataKind, we believe in the transformative power of data science and AI to create a more promising future. Since our founding in 2012, we’ve been at the forefront of designing scalable, data-driven tools that address some of the world’s toughest challenges—ranging from frontline health, humanitarian action, climate and environment, economic opportunity, education, and more. As both a product innovator and a movement catalyst, we set new standards in the social sector, empowering organizations to harness the full potential of data science and AI while putting communities first.

Why Work with DataKind

At DataKind, we believe that people are the most important asset to delivering on our mission. As a people-first remote organization, we offer the following for all our employees:

• Flexibility and time off. Enjoy genuine flexibility that goes beyond adjustable hours. We build in shared time off, organization-wide recharge days, bi-weekly meeting-free days, and flexible PTO (with a minimum of 20 vacation days encouraged annually).
• Comprehensive Wellness Support. We care for your total wellbeing with 100% employer-paid medical, vision, and dental benefits for employees (72% for dependents), a wellness reimbursement program for the activities and purchases that matter to you, and 12 weeks paid parental leave when you need it most.
• A Culture of Growth. Every team member receives professional development funding each year, alongside mentorship and advancement opportunities. We invest in your future with a 401(k) plan with 5% employer matching. 
• Meaningful Connection. Despite being distributed across time zones, we value being able to come together in person for conferences, strategic planning, and at our annual staff retreat.
• Living our Values. DataKind is committed to a diverse, equitable and inclusive work environment in our day-to-day work and via special initiatives driven by our DEI Steering Committee.

Encouraging Applicants of All Backgrounds

We encourage people from all backgrounds to apply, especially people of color, people with disabilities, veterans, and members of the LGBTQ+ community. 

DataKind is an equal opportunity employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status, genetic information, pregnancy, or any other category/characteristics protected by law. No matter one’s background, all role must value and advocate for inclusion and equity.

Applicants must have a U.S.-based permanent address and be currently authorized to work in the United States on a full-time basis  indefinitely without employer visa sponsorship.