Data Protection Specialist

Information Technology Anywhere, United States


Location: Remote; US East Coast, Africa, Middle East or EU.

Position Status:
Full-time, Exempt, Regular

About Mercy Corps

Mercy Corps is powered by the belief that a better world is possible. To do this, we know our teams do their best work when they are diverse and every team member feels that they belong. We welcome diverse backgrounds, perspectives, and skills so that we can be stronger and have long term impact.

The Program / Department / Team

The Data Protection and Privacy team works to transform the way Mercy Corps secures and handles personal information and sensitive data, including compliance with our regulatory and ethical requirements to safeguard data. To this end, the program focuses on a variety of privacy, data protection and security awareness and compliance efforts across the agency. The team sits under Mercy Corps Global IT, and works with global team members, with key stakeholders in Legal, Compliance, and Programs.

The Position

Provide technical, logistical and project management support for Mercy Corps' Data Protection and Privacy team and its objectives. Serve as subject matter expert for data protection, privacy and security awareness for the agency, with an emphasis on support for country teams in Africa and Asia. Analyze data protection and privacy needs of the organization and identify opportunities for improvement. Assist with content development, presentations, training and other materials as needed.

Essential Responsibilities

  • Serve as subject matter expert for data protection, privacy and security awareness for the agency, with an emphasis on support for country teams in Africa and Asia. This includes advocacy, analysis, training and support for compliance with:

    • Mercy Corps’ Responsible Data Policy, related policies, best practices and procedures, including but not limited to risk analysis, Privacy Impact Assessments (PIA) and Records of Processing Agreements (ROPA).
    • Regional and/or national data protection laws as they apply to Mercy Corps, such as the GDPR or Kenyan Data Protection Act
  • Provide technical, logistical and project management support as part of implementing Data Protection and Privacy activities, including implementation of OneTrust for the agency.
  • Lead or co-lead regional working group meetings, trainings and other calls with Data Protection and Privacy team.
  • Create or co-create responsible data program materials, documentation and templates
  • Craft and send written communications on behalf of the Data Protection and Privacy team, through email, internal platforms, and regular reports.
  • Create and/or assist with quarterly reports using Excel and/or Power BI.
  • Analyze Data Protection and Privacy needs of the organization, particularly at the regional level, and identify opportunities for improvement.
  • Collaborate on Data Protection and Privacy strategy and future planning efforts.
  • Review and advise on data sharing agreements from or with third parties, and work with others. to develop templates and guidance on the DSA process.
  • Regional support for incident/breach management with data protection or privacy implications.
  • Regional support for procurement activities with data protection needs
  • Additional duties as assigned

Supervisory Responsibility



Reports Directly To: Director, Global Data Protection and Privacy

Works Directly With: Data Protection and Privacy team including Europe DPO/ Head of Operations & Data Protection, Europe, plus team members and program stakeholders across the agency. Priority stakeholders are from the Africa and Asia regions, Legal, Compliance, and Programs (PaQ, MEL, RPT)

Accountability to Participants and Stakeholders

Mercy Corps team members are expected to support all efforts toward accountability, specifically to our program participants, community partners, other stakeholders, and to international standards guiding international relief and development work. We are committed to actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects.

Minimum Qualification & Transferable Skills

  • 4+ years of project management, stakeholder management, and business analysis
  • 2+ years of demonstrated experience with data protection, privacy or responsible data activities, or data management with a compliance focus
  • Experience with digital security awareness topics and best practices
  • Experience with remote facilitation and training
  • Experience working in a diverse global organization. Experience with international development is preferred
  • Experience creating and maintaining dashboards in Excel or Power BI is preferred.
  • IAPP certification or similar is strongly preferred.
  • Experience with GSuite (Google) and Microsoft 365 is preferred.
  • Fluency in English is required. Fluency in French is strongly preferred, followed by other languages spoken in Africa or Asian countries

Success Factors

Ability to work independently and collaboratively with multi-disciplinary teams. Ability to understand quickly the business issues and data challenges of the organization. Effective verbal and written communication skills. Ability to communicate business cases and build consensus. Ability to conceptualize and design new processes and identify how changes will impact current processes. Adept at proposing options for managing change in a cost-effective manner. Strong analytical skills. Must be organized, have an eye for detail, and be able to put ideas into a tangible form. Ability to prioritize and manage work to critical project timelines.

Living Conditions / Environmental Conditions

The position is 100% remote and does not need to be based near a Mercy Corps office. The position will be supporting global stakeholders and will often require work outside of a traditional schedule to accommodate time zone differences. Expected business hours: 7am - 4pm UTC, though early morning or evening calls may be expected.

Ongoing Learning

In support of our belief that learning organizations are more effective, efficient and relevant to the communities we serve, we empower all team members to dedicate 5% of their time to learning activities that further their personal and/or professional growth and development

Diversity, Equity & Inclusion

Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives.

We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.

Equal Employment Opportunity

Mercy Corps is an equal opportunity employer that does not tolerate discrimination on any basis. We actively seek out diverse backgrounds, perspectives, and skills so that we can be collectively stronger and have sustained global impact.

We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.

Safeguarding & Ethics

Mercy Corps is committed to ensuring that all individuals we come into contact with through our work, whether team members, community members, program participants or others, are treated with respect and dignity. We are committed to the core principles regarding prevention of sexual exploitation and abuse laid out by the UN Secretary General and IASC and have signed on to the Interagency Misconduct Disclosure Scheme. We will not tolerate child abuse, sexual exploitation, abuse, or harassment by or of our team members. As part of our commitment to a safe and inclusive work environment, team members are expected to conduct themselves in a professional manner, respect local laws and customs, and to adhere to Mercy Corps Code of Conduct Policies and values at all times. Team members are required to complete mandatory Code of Conduct elearning courses upon hire and on an annual basis.

As a safeguarding measure, Mercy Corps screens all potential US-Based employees. This is done following the conclusion of recruitment and prior to assuming full employment.

Our screening process is designed to be transparent and completed in partnership with new Team Members. You will have the opportunity to disclose any prior convictions at the conclusion of the recruitment process before the check is initiated. We ask that you do not disclose any prior convictions in your application materials or during the recruitment process.