• Contract
  • Remote
  • TBD USD / Year

Mercy Corps

Location: Position is remote but must be in a country where Mercy Corps operates, this includes countries such as the United Kingdom, or the US(US location is subject to review and approval). For list of countries where Mercy Corps operates see our website.

Valid unrestricted work authorization in the country in which you will be based is required at the time of application for this position.

Position Status:Full-time, Exempt, Regular

Salary ranges**:** Base pay depends on various factors including geographical location and review of experience, knowledge, skills, abilities of the applicant. Sample salary ranges include USA ($84,000 – $99,750), UK (£66,117 – £78,000), KE (KES 637,000 – 716,000 monthly).

About Mercy Corps

Mercy Corps is powered by the belief that a better world is possible. To do this, we know our teams do their best work when they are diverse and every team member feels that they belong. We welcome diverse backgrounds, perspectives, and skills so that we can be stronger and have long term impact.

About the Data Protection & Privacy Team

We are a proactive and forward-thinking unit who is taking humanitarian data protection and privacy to the next level of maturity and scalability. Data protection is people protection and the mission of the Data Protection and Privacy team (DPP) is to build capacity for implementing responsible data practices throughout Mercy Corps in support of our commitments to safeguarding, protecting, and “doing no harm.” Our primary objective is to provide policies, tools, and training to Mercy Corps staff so that they can manage risks to data that the organization is entrusted with and build trust with program participants, the communities in which Mercy Corps works, partners, and donors. We work closely with other IT staff including cybersecurity experts and system administrators as well as stakeholders in compliance and legal departments and our country offices around the globe.

DPP Core Values

  • Diversity: DPP is composed of individuals with a range of lived and professional experience, which makes us better suited to working in a global context where differences in culture, regulatory environments, and priorities mean embracing difference while working towards common goals. We welcome applications from LGBTQIA+, BIPOC, and female identifying candidates as well as those who come from, or are located in, the countries in which Mercy Corps works.
  • Commitment to safeguarding and the humanitarian principle of doing no harm.
  • Ethical use of personally identifiable information that is collected, managed, or shared in the course of our work.
  • Adaptability: we are committed to balancing the various needs of regional and country staff to improve data protection and privacy. We are committed to Mercy Corps’ localization agenda and make every effort to create practical, accessible, material to support our goals.
  • Innovation and working with change-makers to test, co-create, and scale more effective responsible data solutions in an era of exponentially growing technology.

The Position

As the Data Protection and Privacy Technologist, your primary mission would be to:

  • act as system owner for our two primary data protection platforms (OneTrust, and Proofpoint) with an emphasis on configuring user roles and establishing workflows.
  • Partner in developing solutions to improve the use of technology at Mercy Corps to ensure the highest standards of data protection and privacy.
  • play an active role in developing data protection and privacy throughout the organization. We are looking for a skilled technologist with an entrepreneurial spirit who wants to help our team grow and define their role.
  • contribute to compliance frameworks such as CIS or Microsoft Purview and make appropriate enhancements or troubleshoot technical issues as needed.

As a member of DPP, you will help the team think strategically about the roles that technology can play in making data protection and privacy actions easier for staff including leveraging the potential of Microsoft tools such as PowerApps to facilitate responsible data practices for country teams.

Essential Responsibilities

  • Act as system owner for OneTrust, Proofpoint, and contribute to compliance frameworks in M365.
  • Maintain DPP’s PowerBI dashboard and help create new dashboard products to help prioritize DPP’s work.
  • Develop, implement, and maintain data protection-related policies, procedures and associated training plans for a range of software (examples include Ona, Commcare, PowerBI, and messaging apps).
  • Serve as a subject matter expert and provide internal consulting to teams who are building their own technical workflows or bespoke applications.
  • Perform privacy impact assessments on new technologies.
  • Provide direction and guidance for implementation of best practices as they pertain to data protection and privacy technology.
  • Analyze Data Protection and Privacy needs of the organization, particularly at the regional level, and identify opportunities for improvement.
  • Provide stakeholders with accurate, timely and relevant information to enable informed decisions.
  • Lead or co-lead regional working group meetings, trainings and other calls with DPP.
  • Create or co-create responsible data program materials, documentation and templates.

Minimum Qualification & Transferable Skills

  • Bachelor’s degree in a related field (Information Security, Computer Science, Law, Cybersecurity or equivalent)
  • 4+ years of project management, stakeholder management, and business analysis in IT, compliance, cybersecurity, or related field.
  • 3+ years of demonstrated experience with data protection, privacy or responsible data activities, or data management, preferably with a compliance focus or in a humanitarian context.
  • Experience with digital security awareness topics and best practices and/or implementing regulations such as GDPR, NDPR, CCPA, HIPAA or frameworks such as NIST, ISO, etc.
  • Experience working in a diverse global organization. Humanitarian experience is preferred
  • Experience creating and maintaining dashboards in Power BI is preferred.
  • IAPP certification or similar is preferred.
  • Experience with GSuite (Google) and Microsoft 365 is preferred.
  • Fluency in English is required. Fluency in Spanish, Arabic, or Asian languages is strongly preferred.
  • Effective written and oral communication and the ability to present technical material to a wide variety of audiences, including non-technical audiences.
  • Be able to run working groups and meetings in an entirely online environment. As a remote team, the ability to connect online and build consensus with each other and with stakeholders to help drive change is critical.
  • Be detailed oriented and well organized.
  • Prioritize communication, collaboration, and teamwork.

What makes an ideal candidate?

Our work spans the domains of technology, legal, compliance, and training: everybody on the team contributes something unique. We are looking for self-motivated people who prioritize collaboration and who are willing to take on new challenges. You may not have in-depth experience in every single thing on our list, but you are willing to learn and can make a clear case for how your experience is a good fit and provide examples of successfully taking on new technical or compliance challenges. This is a growth position, and we want to invest in someone who can contribute to humanitarian data protection over the long-term. Examples of our current projects include Mercy Corps’ Responsible Data Toolkit or the Data Protection and Privacy Guides.

Other helpful skills include successful project management experience and the ability to manage multiple projects simultaneously. A strong background in IT management and privacy; demonstrated experience applying security or privacy practices to ICT4D programs or data analysis pipelines.

Supervisory Responsibility: None

Reports Directly To: Director, Global Data Protection and Privacy

Accountability to Participants and Stakeholders
Mercy Corps team members are expected to support all efforts toward accountability, specifically to our program participants, community partners, other stakeholders, and to international standards guiding international relief and development work. We are committed to actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects.

Success Factors

Ability to work independently and collaboratively with multi-disciplinary teams. Ability to quickly understand the business issues and data challenges of the organization. Effective verbal and written communication skills. Ability to communicate business cases and build consensus. Ability to conceptualize and design new processes and identify how changes will impact current processes. Adept at proposing options for managing change in a cost-effective manner.

Living Conditions / Environmental Conditions

The position is 100% remote and does not need to be based near a Mercy Corps office, however you must reside in a country where Mercy Corps maintains an office. The position will support global stakeholders and will often require work outside of a traditional schedule to accommodate time zone differences. Preferred business hours: 7am – 4pm UTC.

Ongoing Learning
In support of our belief that learning organizations are more effective, efficient and relevant to the communities we serve, we empower all team members to dedicate 5% of their time to learning activities that further their personal and/or professional growth and development

Diversity, Equity & Inclusion

Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives. We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.

Equal Employment Opportunity

Mercy Corps is an equal opportunity employer that does not tolerate discrimination on any basis. We actively seek out diverse backgrounds, perspectives, and skills so that we can be collectively stronger and have sustained global impact.

We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.

Safeguarding & Ethics

Mercy Corps is committed to ensuring that all individuals we come into contact with through our work, whether team members, community members, program participants or others, are treated with respect and dignity. We are committed to the core principles regarding prevention of sexual exploitation and abuse laid out by the UN Secretary General and IASC. We will not tolerate child abuse, sexual exploitation, abuse, or harassment by or of our team members. As part of our commitment to a safe and inclusive work environment, team members are expected to conduct themselves in a professional manner, respect local laws and customs, and to adhere to Mercy Corps Code of Conduct Policies and values at all times. Team members are required to complete mandatory Code of Conduct elearning courses upon hire and on an annual basis.

As a safeguarding measure, Mercy Corps screens all potential US-Based employees. This is done following the conclusion of recruitment and prior to assuming full employment.

Our screening process is designed to be transparent and completed in partnership with new Team Members. You will have the opportunity to disclose any prior convictions at the conclusion of the recruitment process before the check is initiated. We ask that you do not disclose any prior convictions in your application materials or during the recruitment process.

Covid-19 Vaccine Policy for US-Based Employees

Mercy Corps has determined that, in an effort to protect the health, safety, and well-being of all Mercy Corps employees working in the United States, all U.S.-based employees must be fully vaccinated for COVID-19, regardless of prior COVID-19 infection status. This policy is necessary to ensure not only the safety of our workforce, but the ongoing functionality of the organization.

This policy will be revised as needed to comply with federal, state, and local requirements, and to respond to changing guidance from public health authorities.

For new employees this requirement goes into effect within 10 business days of employment. Team members that travel are expected to comply with host-country requirements, including vaccinations. Failure to comply may impact your employment. Proof of vaccination or exemption must be provided.

How to apply

Mercy Corps Careers – Data Protection & Privacy Technologist – US or UK (

To apply for this job please visit