NIST Privacy & Cybersecurity Expert (Volunteer)

NIST Privacy & Cybersecurity Expert (Volunteer)

PromiseShield | Privacy Frameworks, Cybersecurity & Data Governance

Organization: Mentor A Promise (MAP)

Location: Remote with NYC-based collaboration as needed

Type: Volunteer

Reports To: Chief Legal & Governance Officer / IT Security & Privacy Lead

Works Closely With: IT Security Team, Data Governance Team, Legal & Compliance, PromiseMeasure (Data & Impact)

About Mentor A Promise

Mentor A Promise (MAP) is a New York City–based nonprofit dedicated to empowering youth experiencing housing instability through mentorship, education, and community. As MAP expands its digital infrastructure and partnerships, protecting sensitive data—especially student information—is essential to maintaining trust, safety, and compliance.

About PromiseShield | Privacy, Security & Compliance

PromiseShield is MAP’s division responsible for privacy, cybersecurity, and data governance. The division ensures that all systems, platforms, and data practices meet rigorous standards for security, compliance, and ethical responsibility.

Role Overview

We are seeking a NIST Privacy & Cybersecurity Expert to guide the implementation and alignment of MAP’s data systems with recognized frameworks, including the NIST Privacy Framework and NIST Cybersecurity Framework (CSF).

This role will help establish structured, scalable systems for:

• Risk identification and mitigation
• Data protection and governance
• Security controls and compliance readiness

The Expert will serve as a strategic advisor, ensuring MAP builds infrastructure that is secure, compliant, and resilient.

Key Responsibilities

Framework Implementation & Alignment

• Guide adoption of the NIST Privacy Framework and NIST Cybersecurity Framework (CSF)
• Translate framework principles into operational policies and procedures
• Support integration of privacy-by-design and security-by-design practices

Risk Assessment & Mitigation

• Identify cybersecurity and privacy risks across systems and workflows
• Support development of risk management and mitigation strategies
• Conduct or advise on security and privacy assessments

Data Governance & Security Controls

• Advise on data classification, access controls, and secure data handling
• Support development of policies for data minimization, retention, and protection
• Collaborate with IT to strengthen system security and infrastructure

Compliance & Readiness

• Align practices with applicable laws and standards (FERPA, NY SHIELD Act, DOE expectations)
• Support audit readiness and compliance documentation
• Provide guidance on secure third-party/vendor integrations

Training & Cross-Team Collaboration

• Support internal education on cybersecurity and privacy best practices
• Collaborate with IT, Legal, and Program teams to ensure system-wide alignment
• Maintain timely, professional responsiveness via Google Workspace

Qualifications

Required

• Strong knowledge of the NIST Privacy Framework and/or NIST Cybersecurity Framework (CSF)
• Experience in cybersecurity, privacy, or data governance
• Ability to translate technical frameworks into practical systems and policies
• Strong analytical and problem-solving skills
• Alignment with MAP’s mission and dignity-centered values

Preferred

• Experience in nonprofit, education, or youth-serving environments
• Familiarity with FERPA, New York SHIELD Act, and DOE compliance requirements
• Experience conducting risk assessments or implementing security frameworks
• Background in IT security, compliance, or data protection

Commitment

• Volunteer role
• Approximately 5–10 hours per week
• Minimum 6-month commitment preferred
• Fully remote with optional NYC-based collaboration

What You’ll Gain

• Strategic experience implementing industry-standard cybersecurity frameworks
• Opportunity to shape secure systems in a mission-driven organization
• Collaboration with leadership across legal, tech, and program teams
• Professional references and letters of recommendation
• A meaningful role protecting sensitive data and strengthening organizational trust

How to Apply

Interested candidates must apply directly through Idealist and submit:

• Resume (required)
• Cover letter (required) describing relevant experience in cybersecurity, privacy frameworks, or data governance and interest in MAP’s mission

Help build systems that protect what matters most—because trust is built on security, and security is built with intention.

Thank you for your interest in volunteering with our organization. At this time, volunteer opportunities are limited to individuals based in the United States due to legal, safeguarding, data-privacy, and programmatic requirements. We appreciate your interest in our mission and your understanding of these constraints.