Director, Data Security & Compliance

DataKind
Summary
Join DataKind as their Director, Data Security & Compliance and build their data security and compliance function from the ground up. This remote position, based anywhere in the U.S., offers a competitive salary of $150,000-$170,000. You will develop and implement a comprehensive data security strategy, focusing on their enterprise education and communities platforms and products. This role requires establishing and overseeing DataKind’s implementation of ISO27001 and ensuring compliance with regulations like FERPA, GDPR, and SOC2. You will partner with engineering and product teams, advise executive leadership, and educate staff on data protection best practices. This is a unique opportunity to make a meaningful impact by protecting sensitive student data and enabling educational access.
Requirements
- Alignment and enthusiasm for DataKind’s mission and values
- 8+ years of experience in data security and privacy, with at least 3 years focused on compliance and regulatory requirements
- Demonstrated experience with education-specific privacy regulations, particularly FERPA
- Experience directly implementing ISO27001 or a similar data security framework in cloud-based software environments
- Experience with SOC2 audit processes
- Understanding of security requirements for products handling sensitive student information
- Networking engineering skills to set up, maintain and document technical security infrastructure
- Knowledge of secure data handling practices and ability to guide engineering teams
- Strong project management skills to handle multiple data security initiatives simultaneously
- Bachelor's degree in Computer Science, Information Security, Data Management, or related field
Responsibilities
- Finalize and execute a comprehensive data security strategy aligned with organizational goals, grant deliverables, and product roadmaps
- Design, implement and maintain data security infrastructure, policies, controls, and procedures across all product environments
- Create and manage security protocols including data access control, encryption, and data loss prevention
- Conduct regular data security assessments, vulnerability testing, and risk evaluations
- Implement data breach response procedures and lead incident investigations when necessary
- Set up the organization’s implementation of ISO27001 in preparation for a SOC2 audit
- Ensure organizational adherence to education data privacy regulations including FERPA and GDPR
- Establish data governance policies that protect student information while enabling product functionality
- Monitor regulatory changes and update data security practices accordingly
- Maintain documentation needed for compliance verification and audits
- Build external partnerships with data security vendors and compliance consultants to extend capabilities
- Partner with engineering and product teams to integrate data security considerations into the development lifecycle
- Work closely with the Director of Engineering, Education Software to align data privacy requirements with technical initiatives
- Collaborate with Education Partnerships and Customer Success team members to address data security concerns from educational institutions and users
- Advise executive leadership on data risk management and resource allocation
- Educate staff across the organization on data protection best practices and compliance requirements
- Create a scalable data security and compliance function that can grow with organizational needs
- Develop specialized protocols for protecting student data in educational contexts
- Enable secure data sharing in compliance with educational privacy requirements
- Implement age-appropriate data security measures for student-facing applications
- Build security systems that accommodate the unique data handling needs of educational environments
- Align data security planning and resource allocation with grant commitments and milestone requirements
- Make strategic decisions to prioritize security initiatives that fulfill grant obligations while advancing protection goals
- Establish KPIs and reporting frameworks for data security and compliance functions
- Establish tracking systems to monitor compliance progress against grant milestones and deliverables
- Work with leadership to prepare data security components of grant reports and future funding proposals
- Balance innovation with the disciplined execution required to meet grant-specified security outcomes
Preferred Qualifications
- Demonstrated experience guiding staff through the implementation of new security requirements, including developing training materials, providing hands-on support, and ensuring consistent adoption of updated policies and procedures
- Background in educational technology or working with educational institutions
- Knowledge of COPPA, PPRA, TX-RAMP, state-specific student privacy laws, and other education regulations
- Certifications such as CIPM, CIPP/E, CISSP, CISM, or equivalent
- Experience building data security and compliance functions from scratch in growing organizations
- Familiarity with data security automation tools and processes
- Working knowledge of GDPR and other international data protection standards
- Master's degree in Cybersecurity, Data Privacy, Information Assurance, or related field
Benefits
- Flexibility and time off. Enjoy genuine flexibility that goes beyond adjustable hours. We build in shared time off, organization-wide recharge days, bi-weekly meeting-free days, and flexible PTO (with a minimum of 20 vacation days encouraged annually)
- Comprehensive Wellness Support. We care for your total wellbeing with 100% employer-paid medical, vision, and dental benefits for employees (72% for dependents), a wellness reimbursement program for the activities and purchases that matter to you, and 12 weeks paid parental leave when you need it most
- A Culture of Growth. Every team member receives professional development funding each year, alongside mentorship and advancement opportunities. We invest in your future with a 401(k) plan with 5% employer matching
- Meaningful Connection. Despite being distributed across time zones, we value being able to come together in person for conferences, strategic planning, and at our annual staff retreat