CRS

Compensation

Full Description

Job Title: Responsible Data Analyst I Reports to: Manager, Responsible Data Department: GKIM Salary Grade: 9 Note: Candidates should be based on the U.S. East Coast (Eastern Time Zone) to ensure effective time zone alignment. Job Summary The Analyst I, Responsible Data will support the implementation of CRS’s Responsible Data Policy and data protection practices across country programs, departments and business units. This role will focus on ensuring regulatory compliance, embedding privacy principles into operations, and supporting the rollout of privacy management systems such as OneTrust. The Analyst will work closely with country teams, regional advisors, and global stakeholders to translate policy into practice, assess and mitigate data protection risks, and build capacity in responsible data stewardship. Working closely with Manager I, Responsible Data, the Analyst I, will require coordination and communication with all levels of CRS business, MEAL, ICT4D, Global Risk and Compliance, Office Legal Counsel, Legal and programing teams, Strategic Partners, and Vendors to ensure data protection initiatives and operations are in line with agency responsible data values and principles, standards and applicable controls. The role will cover the AMERICA region. Applicants must be fluent in both English and Spanish and possess demonstrated experience in data protection. Further details are provided below. Roles and Key Responsibilities • Maintain up-to-date knowledge of relevant data protection regulations and provide contextualized guidance to country programs, departments, and project teams. • Serve as the primary point of contact and advisor for data protection compliance within their zone. • Support the implementation of the agency’s Responsible Data Policy across country programs. • Translate global policy into actionable, context-appropriate practices and workflows that promote privacy, confidentiality, and ethical data use. • Promote and support the adoption of privacy by design and default principles in project lifecycles and business processes. • Oversee the identification, documentation, and regular review of personal data processing activities across operations and programs. • Proactively identify and escalate areas of elevated data protection risk, including those related to specific sectors (e.g., health, HR, finance), systems, technologies, projects, or vulnerable groups. • Coordinate the planning, execution, and documentation of Privacy Impact Assessments (PIAs) for new and existing projects, systems, and partnerships. • Collaborate with agreement owners to review contracts, grant agreements, vendor relationships, and data sharing arrangements to ensure data protection clauses are included and compliant. • Support the operationalization of the OneTrust Privacy Management platform to automate and track compliance activities such as PIAs, data mapping, and data subject requests. • Lead responsible data training and awareness sessions for program and operations staff. • Build zonal capacity in responsible data stewardship, privacy principles, secure data handling, and compliance expectations. Supervisory Responsibilities None Key Working Relationships: Internal: Members of the Global Knowledge and Information Management (GKIM) Department, leaders of CRS' regional ICT organizations, ICT staff, and owners of CRS business systems. External: NetHope and IT Vendors, peers from other NGO's and consortiums focused on use of ICT in the relief and development sector Knowledge, Skills and Abilities • Knowledge of global data protection laws, standards, and associated frameworks (e.g. GDPR, CCPA, HIPAA, and others). • Knowledge of data lifecycle management, including data classification, retention, and destruction practices. • Awareness of techniques such as pseudonymization, anonymization, and encryption as privacy enhancing technologies. • Awareness of cloud privacy risks and security controls across common platforms (e.g., Microsoft 365, Azure). • Familiarity with technical and organizational measures related to data protection compliance. • Knowledge of data protection considerations specific to humanitarian, health or nonprofit sectors. Required Languages: Fluency in English and Spanish is required. French is a plus. Travel: Must be willing to travel up to 10%.