IT Analyst II, Data Protection

Job Summary 

The Data Protection, Analyst II is responsible for executing and administering CRS Data Protection functions and supporting systems. Responsibilities will include overall systems management; support and execution of Data Protection roadmap and the related projects; organizational awareness, processes and procedures and compliance with audits/assessments related to Data Protection administration.

Working closely with the Director I, Information Security, Identity and Data Protection, the Analyst II, Data Protection will require coordination and communication with all levels of CRS business, MEAL, ICT4D, Global Risk and Compliance, Office Legal Counsel, Legal and programing teams, Strategic Partners, and Vendors to ensure data protection initiatives and operations are in line with agency responsible data values and principles, standards and applicable controls.

RESPONSIBILITIES

Roles and Key Responsibilities  

• Oversee design, implementation and operations of privacy and data protection management systems
• Deepen adoption of data protection controls and oversight
• Advise on best practices & implement processes in the areas of data protection and privacy, aligning data protection requirements and risks with capabilities
• Maintain full and complete records of privacy related matters, incidents, breaches, and actions taken; monitor such records to identify trends preparing reports for use by the data protection team  
• Proactively monitor and maintain a detailed knowledge and awareness of current privacy, data protection, and consumer legislative interpretation and other developments including guidance/advice/codes of practice and enforcement practices  
• Work with other members of the Data Protection team to action and administer the Privacy Impact Assessment (PIA) program, identifying where assessments are required and working with business stakeholders to drive completion of PIAs, maintaining full and complete records and timetables for review.
• Support all business areas by providing advice and guidance in relation to data protection governance and procedures.
• Work closely with programming, ICT4D, MEAL and ICT teams to support internal projects to deliver Privacy by Design and Default, maintaining robust evidence and record keeping for publication to regulators where required
• Engage with all areas of the business where personal data may be processed to determine existing processes and assess how privacy is embedded. Identify gaps in control environments, customer journeys and personal data handling to determine privacy risk.
• Assist with the administration of data processing (transfer and sharing) agreements (DPA) and standard contractual clauses (SCCs)
• Develop Data Protection awareness across the agency by providing orientation, on-going communication and implementing educational activities

 Supervisory Responsibilities

None

Key Working Relationships:    

Internal: Members of the Global Knowledge and Information Management (GKIM) Department, Global Risk and Compliance (GRC), Office of the General Counsel (OGC), leaders of CRS' regional ICT organizations, ICT staff, MEAL and ICT4D teams, and owners of CRS business systems.  

External:  NetHope and privacy management Vendors, peers from other NGO's and consortiums focused on the responsible use of data in the relief and development sector.  

QUALIFICATIONS

Basic Qualifications  

• Bachelor's degree in Data Protection or IT related field or equivalent experience
• Minimum of 5 years' experience in the design and implementation of Data Protection systems, processes and procedures
• Experience in Data Protection programs and building cross functional relationships
• Experience in an Incident Response role and Data Subject Rights
• Deep knowledge of global data protection laws, standards, and associated frameworks (e.g. GDPR, CCPA, HIPAA, and others).
• Experience in managing Data Protection compliance
• Comfort influencing business leaders in the promotion of consistent practices and policy
• In depth knowledge of Information risk concepts / relating business needs to Data Protection controls

Preferred Qualifications

• Highly proactive and able to work independently.  
• Excellent written communication skills, demonstrating the ability to document Data Protection policy and briefings with purpose, clarity, and accuracy
• Strong inter-personal and group/team process skills, problem-solving and judgment skills.  
• Demonstrated experience working and interfacing with cross functional teams  
• Strong systems thinking and analytical approaches to problem solving.  
• Very good presentation and listening skills.  
• Culturally sensitive and patience.  
• Demonstrated commitment to organizational learning and development.  
• Demonstrated effectiveness in a customer facing roleLegal academic and professional background
• Familiarity with privacy program management tools (e.g. OneTrust)
• Knowledge of data related initiatives such report/dashboard creation, and web analytics
• CIPP, CIPP, CIPT, or CIPM or equivalent certification
• Knowledge of frameworks and best practices such as PCI DSS, the ISO 27000 family of standards, NIST Cyber Security Framework and/or Cyber Essentials