Team and Job Purpose

The Data Protection Shared Services is critical to increasing and maintaining the maturity of privacy and data protection management capabilities across Save The Children Association (SCA) Members, allowing them to meet their obligations under the Mutual Accountability Framework minimum standard for information security and SCARF (internal risk framework). The role reports to the Head of Information Assurance who is responsible for SCAs Information Assurance and Data Protection maturity and global compliance.
The Data Protection Specialist will act as the primary contact for data protection matters between SCA Member organisations and SCI within the region to which they are assigned and offer independent objective advice, guidance and support for the senior leadership teams and functional teams. They will also be required to lead or assist with incident management / data breach processes both in SCI and SCA Members.

Principal Accountabilities
Data Protection Assessment

• Carrying out regular assessments of current data protection practices across SCA Member organizations.
• Supporting the delivery of Data Protection Impact Assessment (DPIAs), supplier due diligence (and other Shared Services) with the SCI Information Security & Assurance team.
• Establish key performance indicators (KPIs) to measure the effectiveness of privacy and data protection initiatives.
• Regularly report on privacy and data protection metrics and progress toward maturity goals.

Policy Development and Implementation

• Support and advise the Member’s Point of Contacts (PoC) during the implementation, and maintenance of data protection policies, standards, and procedures. This could include the writing and reviewing of new policies and procedures.
• Ensure Member policies align with the Mutual Accountability Framework, SCARF and other regulatory requirements and are implemented effectively within the Member.

Training and Awareness

• Support the delivery of Member information security and data protection training programs for staff at all levels, including training content and phishing simulations.
• Foster a culture of information security and data protection awareness within the organization.
• Incident Management Support
• Assist in information security incident and personal data breach management processes, including identification, containment, eradication, recovery and testing.
• Coordinate communication and reporting of incidents to relevant stakeholders.

Stakeholder Engagement

• Serve as the primary point of contact for information security and data protection matters within assigned regions.
• Develop strong working relationships with Member PoCs and other key stakeholders. Provide expert advice and support to senior leadership and functional teams on all issues relating to information security.
• Prepare and present reports on information security and data protection compliance and maturity to senior management.

Risk and Compliance Management

• Support risk assessment activities to identify and prioritize potential security and privacy threats. Support the development of appropriate risk management processes where not in place.
• Recommend risk mitigation strategies and monitor their effectiveness.
• Support Member’s compliance with local data protection and privacy legal requirements

Collaboration and Communication

• Collaborate with IT teams and other departments to integrate information security into all business processes.
• Help facilitate clear and regular communications regarding security initiatives and concerns.

Continuous Improvement

• Stay informed about the latest trends and best practices in information security.
• Recommend improvements to security strategies based on industry developments and organizational needs.

Experience and Skills

Essential

• Good knowledge of data protection frameworks such as NIST.
• Good understanding of IT infrastructure including cloud, networks and information management systems
• Experience with OneTrust or other tools
• Capability to convey technical information effectively to non-technical stakeholders in a clear and comprehensive manner.
• Ability to work with a range of business stakeholders to understand and articulate their activities in line with defined standards
• Good verbal and written communication skills (in English)
• Self-motivated, with a proactive and collaborative approach, and a strong results orientation
• Commitment to Save the Children mission and values.

Desirable

• Two years of experience working in data protection program or project environment 
• Experienced working for INGOs or NGOs
• Data Protection related certification/s such as CIPP

Education and Qualifications
Essential

• Degree or diploma in Information Security, Law, or relevant field

Desirable

• Data Protection related certification/s such as CIPP