Senior Director, Privacy and Cybersecurity

POSITION SUMMARY

(Eligible for Hybrid/ 3 days in office - Alexandria, VA)

The Senior Director, Privacy and Cybersecurity provides leadership to protect United Way Worldwide’s (UWW) data, systems and reputation. The Senior Director oversees and executes a comprehensive privacy and cybersecurity program aligned with global best practices.

The Senior Director leads and manages a team and acts as a thought leader, coach, and advisor, ensuring that privacy and cybersecurity are embedded across all business operations. The Senior Director partners regularly with others in the Technology Services department and with team members in UWW’s Marketing and Communications department, Development department, and the Office of General Counsel to foster a culture of trust, resilience, and compliance.

The Senior Director serves as the organization’s Data Protection Officer (DPO), overseeing data protection strategies, compliance with global privacy regulations (GDPR, CCPA, HIPAA, etc.), and vendor risk management.

KEY RESPONSIBILITIES/ESSENTIAL DUTIES OF POSITION

An individual must be able to perform each essential duty listed below at a satisfactory level:

Security and Privacy | UWW Internal Operations

Privacy

• Serve as the Data Protection Officer (DPO) for United Way Worldwide
• Monitor, interpret, and implement compliance with global privacy regulations (GDPR, CCPA, HIPAA, PIPEDA, etc.), along with analyzing and advising on recent trends for non-profit organizations
• Lead alignment with established and emerging privacy laws and regulations applicable to local United Ways at a global level.
• Develop, deliver, and drive awareness of data privacy and security privacy programs and training
• Champion Privacy by Design when developing, implementing, or considering new data systems
  • Provide guidance and feedback in contracting/purchasing process to ensure vendors meet security/privacy requirements and to advise on optimizing data matters such as data minimization, flow, and security
• Conduct Privacy Impact Assessments (PIA: Privacy of Data) and Data Privacy Impact Assessments (DPIA: Risk) and Transfer Impact Assessments (TIA)
• Identify, build, or implement tools to manage privacy across systems
• Oversee and manage Data Subject Access Request processes

Cybersecurity Leadership

• Lead cybersecurity program in alignment with NIST CSF and NIST SP 800-53. Operationalize security practices.
  • Work with system administrators to support security patching, monitoring and user account best practices
  • Develop annual calendar for security related activities
• Lead adoption of zero-trust architecture across networks, applications, and cloud platforms.
• Oversee Identity and Access Management (IAM), encryption standards, and endpoint security
• Direct vulnerability management, penetration testing cycles, and lead team exercises
• Establish and contribute to Data and System classification records
• Co-Lead Vendor Assessment process
• Co-lead IT Incident Response and IT portion of UWW Business Continuity Plan

Risk Management & Governance

• Develop, maintain. and monitor cybersecurity KPIs and dashboards.
• Partner with MDM/Data Governance Team to determine data use and data flothe MDM/Data Governance Team to determine data use and data flows, to align governance mechanisms with the to align governance mechanisms with enterprise strategy.
• Collaborate with Audit and Compliance teams to support annual internal and external annual audits and contribute to risk assessment activities.

External UWW Network

• Monitor and maintain the InfoSec page on United Way Online (UWO)
• Contribute to Membership Standards by providing local United Way basic compliance measures and tools or training to support Membership compliance across the network
• Provide expert guidance to local United Ways experiencing an IT or data related crisis to reinforce and guide based on best practices for incident management and to protect the United Way brand.

JOB REQUIREMENTS

• Bachelor’s degree required; Master’s in Cybersecurity, Computer Science, or related field strongly preferred.
• CISSP, CISM, CIPT or other Security Certification required.
• 10+ years of expert-level experience in privacy, cybersecurity, or cyber law, with 5+ years experience in managing security team.
• Excellent organization, communication, and motivational skills with an attention to detail.
• Demonstrated success in cybersecurity program development and staff training/awareness.
• Experience in facilitation bringing end users to appropriate solutions involving an appropriate balance between end user requirements and risk minimization.
• A self-starter attitude and strong interpersonal skills with the ability to work independently and collaboratively and ability to interact with people at all levels.
• Solid understanding of Privacy regulations, data management practices, and IT systems.
• Understanding of large-scale System Development Life Cycle (SDLC) in addition to experience with implementation, integration, interfaces, data use mapping and flow design.
• Experience in using efficient methodologies/frameworks, such as Agile and NIST or ISO.

This job description describes the general nature and level of work performed by employees assigned to this position. It should not be construed as an exhaustive list of all required duties, responsibilities, and skills. Reasonable accommodations may be made to enable disabled individuals to perform the essential functions of the job. You should be able to work on-site in the Alexandria, VA location; relocation assistance is not offered.

SALARY STATEMENT

The budgeted salary range for this position is currently $144,000 to $180,000 per year. Salary is determined by several factors including applicant’s knowledge, ­­­skills, experience, position, equity, and market.

ABOUT UNITED WAY WORLDWIDE

United Way Worldwide seeks diverse, qualified professionals who want to make a difference in the world. If you are passionate about your work and desire to help others achieve enhanced education, income, and health, United Way Worldwide is the place for you.

United Way Worldwide is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, creed, disability, veteran status, marital status, age, sex (including pregnancy), sexual orientation, gender identity, gender expression, national origin or ancestry, genetic information, and other legally protected characteristics, in accordance with applicable laws. If you need a reasonable accommodation because of a disability for any part of the employment process, please e-mail recruitment@uww.unitedway.org and provide the nature of your request and your contact information.

We are a charter member of Employers of National Service and encourage AmeriCorps, Peace Corps, and other national service alumni to apply.

United Way Worldwide is located in Old Town Alexandria, VA. We offer competitive salary and excellent benefits including: health, dental, life, short-term and long-term disability, employee assistance program, 403(b) plan, tuition assistance, paid time off, family sick leave, medical appointment leave, parental/adoption leave, dress for your day, free parking, onsite gym, monthly volunteering opportunities, and more.

We kindly request that you do not call to inquire about the status of your application. All candidates selected for consideration will be contacted by a United Way Worldwide team member via email or phone regarding next steps.