Senior Director, Privacy and Cybersecurity

POSITION SUMMARY

(Eligible for Hybrid/ 3 days in office - Alexandria, VA)

The Senior Director, Privacy and Cybersecurity provides executive leadership to protect United Way Worldwide’s data, systems and reputation. The Senior Director establishes a comprehensive security, privacy, AI and data governance program rooted in NIST Cybersecurity, NIST Privacy, and NIST AI Risk Management Frameworks, aligned with global best practices.

The Senior Director acts as a thought leader, coach, and advisor, ensuring that privacy, cybersecurity, and AI governance principles are embedded across business operations. The Senior Director partners with Information Technology, Marketing and Communications, Development, and the Office of General Counsel to foster a culture of trust, resilience, and compliance.

The Senior Director also serves as the organization’s Data Protection Officer (DPO), overseeing data protection strategies, compliance with global privacy regulations (GDPR, CCPA, HIPAA, etc.), vendor risk management, and the secure and responsible adoption of Artificial Intelligence (AI). This includes embedding privacy and security controls in AI systems, evaluating AI vendors, and ensuring alignment with emerging regulations (EU AI Act, US AI Bill of Rights).

KEY RESPONSIBILITIES/ESSENTIAL DUTIES OF POSITION

An individual must be able to perform each essential duty listed below at a satisfactory level:

Security and Privacy | UWW Internal Operations

Privacy

• Serve as the Data Protection Officer (DPO) for United Way Worldwide
• Monitor, interpret, and implement compliance with global privacy regulations (GDPR, CCPA, HIPAA, PIPEDA, etc.), along with analyzing and advising on recent trends for non-profit organizations.
• Lead alignment and compliance with established and emerging privacy laws and regulations applicable to LUWs at a global level.
• Develop, deliver and drive awarenes of data privacy and security privacy awareness programs and training. While providing coaching & educating staff about applicable privacy practices, drive awareness on data privacy and security issues, including development of training, policies, and guidelines that help business stakeholders spot and address data protection and privacy issues as they emerge in development of new products and technologies
• Champion Privacy by Design when developing, implementing, or considering new data systems
  1. Provide guidance and feedback in contracting/purchasing process to ensure vendors meet security/privacy requirements and to advise on optimizing data matters such as data minimization, flow and security
• Conduct Privacy Impact Assessments (PIA: Privacy of Data) and Data Privacy Impact Assessments (DPIA: Risk) and Transfer Impact Assessments (TIA)
• Identify, build or implement tools to manage privacy across systems
• Oversee & Manage DSAR processes (Data Subject Access Requests)

Cybersecurity Leadership

• Establish and lead cybersecurity program in alignment with NIST CSF and NIST SP 800-53. Operationalize security practices.
  • Work with system administrators to support security patching, monitoring and user account best practices
  • Develop annual calendar or security related activities
• Lead adoption of zero-trust architecture across networks, applications, and cloud platforms.
• Oversee Identity and Access Management (IAM), encryption standards, and endpoint security.
• Direct vulnerability management, penetration testing cycles, and lead team exercises.
• Lead IT Incident Response Plan and cybersecurity components of the Business Continuity and Disaster Recovery Plans.
• Develop annual security roadmaps benchmarked against NIST CSF, ISO 27001/27701, and SOC 2 standards.
• Develop and support change management logging and practices
• Establish and contribute to Data and System classification records
• Co-Lead Vendor Assessment process
• Co-lead IT Incident Response and IT portion of UWW Business Continuity Plan

Risk Management & Governance

• Drive enterprise-wide risk assessments and report outcomes to leadership and to the Board.
• Develop, maintain and monitor cybersecurity and AI KPIs and dashboards.
• Evaluate new data use initiatives and vendor security capacities prior to contracting with new vendors/partners
• Partner with MDM/Data Governance Team to determine data use, data flows, to align governance mechanisms with enterprise strategy.
• Develop and monitor meaningful metrics
• Collaborate with Audit and Compliance teams to support annual internal and external annual audits and contribute to risk assessment activities.

External UWW Network

• Monitor and maintain the InfoSec page on UWO including collaboration with Membership when issues occur
• Contribute to Membership Standards by providing local United Way basic compliance measures and tools or training to support Membership compliance across the network
• Collaborate with UWW Membership, US and International Network teams to elevate security/privacy through Membership standards, thought leadership and guidance
• Provide expert guidance to local United Ways experiencing an IT or data related crisis to reinforce and guide based on best practices for incident management and to protect the United Way brand.

Other Duties

1. Interface with internal constituents and stakeholders to ensure technology products sufficiently support area divisions/departments at meeting their respective goals and objectives.
2. Work with the Senior Vice President Technology to manage resources, including utilization of team resources, forecasting and budget management.
3. Work with IT Leads to support broad UWW IT needs, planning and collaboration
4. Document all aspects of project development and evolution through concise meeting notes, action items, and task management. Eliminate barriers in completion of projects and manage scope, including identifying issues and working with the resources and client on resolution plans.
5. Must be able to multi-task and enjoy working in a fast-paced environment.
6. Other duties as assigned.

JOB REQUIREMENTS

• Bachelor’s degree required; Master’s in Cybersecurity, Computer Science, or related field strongly preferred.
• CISSP, CISM, CIPT or other Security Certification required.
• 10+ years of expert-level experience in cybersecurity, privacy, AI governance, or cyber law, with 5+ years experience in managing Security Team.
• Excellent organization, communication, and motivational skills with an attention to detail.
• Demonstrated success in cybersecurity program development and staff training/awareness aligned to NIST CSF, SP 800-53, ISO 27001/27701, and NIST AI RMF.
• Demonstrated Knowledge of emerging AI regulations (EU AI Act, US AI Bill of Rights, etc.).
• Experience in facilitation bringing end users to appropriate solutions involving an appropriate balance between end user requirements and risk minimization.
• A self-starter attitude and strong interpersonal skills with the ability to work independently and collaboratively and ability to interact with people at all levels.
• Solid understanding of Privacy regulations, data management practices and IT systems.
• Understanding of large-scale System Development Life Cycle (SDLC) in addition to experience with implementation, integration, interfaces, data use mapping and flow design.
• Experience in using efficient methodologies/frameworks, such as Agile and NIST or ISO.

ROLE SPECIFIC COMPETENCIES

AI Risk, Governance & Enhanced Cybersecurity

Applies NIST AI RMF and ISO/IEC 42001 to ensure safe and ethical AI Adoption. Anticipates AI-related risks (bias, adversarial attacks, model drift). Leverages AI tools for threat detection and privacy while mitigating risks.

Innovation/ Foresight

Anticipates future risks including AI-driven attacks, deepfakes, and quantum threats.

Evaluates UWW work processes, products and systems. Promotes ways to continuously improve them. Encourages and guides others to consider alternatives to current

Accountability/Results Orientation

Takes ownership of work and outcomes achieved, selecting the best work approach, while delivering against commitments, models ethical integrity. Is accountable for the achievement of assigned work projects. Collaborates with others to establish work project parameters, desired results/outcomes, and resource requirements. Keeps team leader(s) informed on work progress and changes in work direction. Behaves ethically and honestly in all activities performed on behalf of UWW. Demonstrates a commitment to UWW’s values, including diversity and inclusiveness.

Decision-Making/Risk-Taking

Balances innovation, compliance, and risk minimization. Evaluates available information and recommends a course of action. Contributes own assessment of risks and implications of decisions in team decision-making efforts. Uses judgment appropriately in decision-making. Knows when to shift decision-making upwards.

Teamwork Collaboration

Builds trust across diverse stakeholders and adapts to change.Contributes to the achievement of team objectives by helping others to complete tasks on own initiative. Shares information/ideas with other team members. Carries out assigned work projects. Identifies ways to make a greater contribution to the team. Able to adapt quickly to changing conditions or performance expectations. Able to focus on assignments during periods of change and/or uncertainty.

Relationship Management

Develops partnerships to elevate organizational maturity. Utilizes rapport to build trust and collaboration with others. Identifies and shares mutual benefits/needs in working together. Is ethical in dealing with others to achieve the desired results. Interacts and communicates with diverse stakeholders effectively. Fosters and maintains working relationships across the UW system.

Communications

Distills complex issues into actionable insights for technical and non-technical audiences. Expresses work issues and problems in a clear and concise manner. Communicates effectively with others up, down, and across the organization to achieve expected organization results. Gives and receives constructive feedback. Seeks direct input on team effectiveness and environment.

This job description describes the general nature and level of work performed by employees assigned to this position. It should not be construed as an exhaustive list of all required duties, responsibilities, and skills. Reasonable accommodations may be made to enable disabled individuals to perform the essential functions of the job. You should be able to work on-site in the Alexandria, VA location; relocation assistance is not offered.

SALARY STATEMENT

The budgeted salary range for this position is currently $136,000 to $155,000 per year. Salary is determined by several factors including applicant’s knowledge, skills, experience, position, equity, and market.

ABOUT UNITED WAY WORLDWIDE

United Way Worldwide seeks diverse, qualified professionals who want to make a difference in the world. If you are passionate about your work and desire to help others achieve enhanced education, income, and health, United Way Worldwide is the place for you.

United Way Worldwide is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, creed, disability, veteran status, marital status, age, sex (including pregnancy), sexual orientation, gender identity, gender expression, national origin or ancestry, genetic information, and other legally protected characteristics, in accordance with applicable laws. If you need a reasonable accommodation because of a disability for any part of the employment process, please e-mail recruitment@uww.unitedway.org and provide the nature of your request and your contact information.

We are a charter member of Employers of National Service and encourage AmeriCorps, Peace Corps, and other national service alumni to apply.

United Way Worldwide is located in Old Town Alexandria, VA. We offer competitive salary and excellent benefits including: health, dental, life, short-term and long-term disability, employee assistance program, 403(b) plan, tuition assistance, paid time off, family sick leave, medical appointment leave, parental/adoption leave, dress for your day, free parking, onsite gym, monthly volunteering opportunities, and more.