Data Protection Analyst
Summary: In terms of Data Protection Program Management, the Data Protection Analyst shall, at the direction of the Director of Information Security and Data Protection Officer, perform the ongoing activities related to the development, implementation, and maintenance of the organization's information privacy and security program in accordance with applicable laws, regulations, and contractual obligations.

Essential Duties And Responsibilities (Include But Not Limited To)

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.

  • Builds, maintains and/or executes a strategic and comprehensive data protection program that defines, develops, maintains, and implements policies and processes that enable consistent, effective information privacy and security practices which minimize risk and ensure the confidentiality, integrity and availability of sensitive and/or protected information assets, paper and/or electronic, across all media types. Ensures data protection forms, policies, processes, standards, and procedures are up-to-date.
  • Collaborates with other members of the information security and privacy team to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and acts as a liaison to the organization's technical and business stakeholders.
  • Works with organization senior management, risk, and legal counterparts to establish governance for the data protection program.
  • Serves in a leadership role for privacy and security compliance in their area of accountability and across the organization.
  • Develops and delivers initial and ongoing privacy and security training to the workforce.
  • Initiates, facilitates, and promotes activities to foster information privacy and security awareness within the organization.
  • Performs or oversees initial and periodic privacy and security risk impact assessment/analysis, mitigation, and remediation.
  • Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
  • Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
  • Participates in the development, implementation, and ongoing compliance monitoring of all data controllers, processors, business associates, and associated legal agreements to ensure all privacy and security concerns, requirements, and responsibilities are addressed.
  • Works cooperatively with applicable organization units in overseeing data subject rights and facilitation of data subject and/or legal requests, when appropriate.
  • Establishes, maintains, and administers a process for investigating and acting on privacy and security complaints.
  • Establishes, maintains, and administers an ongoing process to track, investigate, and report inappropriate access and disclosure of sensitive and/or protected information. Monitors patterns of inappropriate collection, access, and disclosure of sensitive and/or protected information.
  • Performs required breach risk assessment, documentation, and mitigation. Works with key stakeholders (e.g. Human Resources, Legal, Risk, Senior Management, etc.) to ensure consistent application of sanctions for privacy and security violations.
  • Manages required breach determination, response, notification, and remediation processes in accordance with applicable laws, regulations, and/or contractual obligations and requirements.
  • Maintains current knowledge of applicable privacy and security compliance laws, regulations, and accreditation standards.
  • Works with risk and compliance administration, legal counsel, information services, and other related parties to represent the organization's information privacy interests with external parties (e.g. governmental bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
  • Serves as information privacy resource to the organization regarding release of information, and to internal/external groups or entities for all privacy related issues.

Qualifications (Knowledge, Skills, Abilities, And Requirements)

The requirements listed below are representative of the knowledge, skill, and/or ability required.

  • Supportive of Mercy Ships mission and vision, and committed to its core values.
  • Understand and apply servant leadership, work collaboratively with integrity, and demonstrate accountability.
  • Able to live in and contribute to community life, requiring stable and healthy interpersonal skills.
  • Demonstrated organization, facilitation, written and oral communication, and presentation skills.
  • Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals
  • Demonstrated skills in verbal communication and listening
  • Demonstrated skills in providing excellent service to customers
  • A high level of integrity and trust
  • Familiarity with global privacy legislation and/or international security standards
  • Digital Marketing, Healthcare and/or Maritime operations a plus

Education And Experience

The requirements listed below are representative of the education and/or experience required.

  • Successful completion of Mercy Ships Entry Training will be required within the first year.
  • Bachelor's degree in a relevant field.
  • Knowledge of and/or experience in information privacy and security laws and practices.
  • Desired certification in information privacy and/or security such as Certified Information Privacy Professional (CIPP), Certified Data Protection Practitioner (CDPP), Certified Information Security Auditor (CISA), Certified Information Security Systems Professional (CISSP), etc.
  • Experience with privacy and/or security management tools a plus.