We are seeking a proactive and skilled Data Protection & Compliance Manager to join our team! Reporting directly to the Chief Information Security Officer (CISO), you will play a crucial role in overseeing data protection and governance initiatives. Your focus will be on managing compliance and third-party risks while collaborating with stakeholders to promote security awareness and deliver exceptional customer service. If you're ready to drive operational excellence and lead in the protection of critical data, this role is the perfect fit for you!

Here's some of what you will be doing:

Data Protection and  Governance Oversight

• Ensure compliance with global data protection regulations such as GDPR, CCPA, COPPA, and other relevant laws and regulations.
• Develop, implement, and maintain data protection policies, procedures, and standards to mitigate risk and ensure compliance.
• Monitor and audit data processing activities to ensure adherence to data protection and privacy standards.
• Serve as a point of contact for data subjects, regulatory authorities, and internal stakeholders regarding privacy and regulatory inquiries and complaints.
• Collaborate with legal on data protection and governance matters.

Compliance Management

• Oversee compliance with industry standards and frameworks such as NIST Privacy Framework and NIST CSF.
• Conduct privacy protection and compliance assessments to identify risk areas.
• Develop remediation plans to address data protection and compliance gaps and monitor execution of plans.
• Prepare compliance and risk reports as required for ministry leadership and regulatory bodies as required.

Third-Party Risk Management

• Provide guidance for data protection and regulatory requirements of the ministry for the Third-Party Risk Management program.
• Develop governance policies and procedures for third-party risk management.
• Collaborate with legal regarding third-party risk oversight.

Other duties

• Assist in responding to data breaches and data protection incidents.
• Collaborate on training and awareness matters for data protection and governance.
• Stay updated on data protection and compliance laws and requirements.

Here's some experience we are seeking: 

• Bachelor’s degree in information security, data protection, business administration or related field, or combination of education/training with relevant experience.
• Professional certifications such as CIPP/US, CIPP/E, CIPM, or CISSP or other relevant training and certifications highly desirable.
• Minimum of 5 years of experience in data protection and privacy, compliance, or third-party risk management.
• In-depth knowledge of data protection regulations (GDPR, CCPA, COPPA) and compliance frameworks (e.g. NIST Privacy Framework, NIST CSF, PCI, DSS, HIPAA).
• Experience working with cross-functional teams and managing multiple workstreams/projects simultaneously.
• Strong organizational skills and attention to detail.
• A collaborative and flexible style, with a strong service mentality. Ability to collaborate with cross-functional teams.
• Excellent interpersonal skills with the ability to develop sincere business/ministry relationships.
• Strong written and verbal communication and presentation skills.
• Proactive mindset with a focus on continuous learning and improvement.
• Demonstrated commitment to the social sector with a passion for our mission and values
•  

What can we offer you?

• Industry leading Medical, Dental & Vision coverage
• Short/long term disability and life insurance
• Robust 401K with company match
• Parental leave with Baby Bonding pay
• Generous PTO, holiday and sick pay
• Unique company culture that includes exclusive access to concerts, movie premieres, media industry events, and more
• Leadership and Career Development Programs including free access to LinkedIn Learning platform

Why work for Educational Media Foundation, K-LOVE/Air1?

Educational Media Foundation (EMF) is a nonprofit, multi-platform media company on a mission to draw people closer to Christ. Founded in 1982 in Santa Rosa, CA, with a single radio station, EMF today owns and operates the nation's two largest Christian music radio networks (K-LOVE and Air1) with over 1,000 broadcast signals across all 50 states and beyond, streaming audio reaching around the world, and a growing family of media ministries including podcasts, books, films, concerts, and events. EMF employs nearly 500 team members between its offices in Nashville, TN, Rocklin, CA, and field locations around the country. You can view our mission and values here Mission, Beliefs & Values. 

“As an Equal Opportunity Employer, EMF makes employment decisions based on merit and other legitimate reasons. The Company is committed to a diverse and inclusive work environment and the promotion of equal employment opportunities regardless of protected class, characteristic or status.  However, EMF is also a religious non-profit organization where all team members contribute to the Company’s mission of encouraging our audiences “to have a meaningful relationship with Christ.” Therefore, pursuant to the Civil Rights Act of 1964, Section 702 (42 U.S.C. 2000e I(a)), EMF has the right to hire only candidates who agree with the Company’s Statement of Faith.  Also, as a religious non-profit organization, the Company is not governed by the CA Fair Employment and Housing Act.”