Third-Party Risk & Privacy Training Coordinator (Volunteer)

Third-Party Risk & Privacy Training Coordinator (Volunteer)

PromiseShield | Third-Party Risk, Privacy Training & Compliance Awareness

Organization: Mentor A Promise (MAP)

Location: Remote with NYC-based collaboration as needed

Type: Volunteer

Reports To: Chief Legal & Governance Officer / Privacy & Compliance Lead

Works Closely With: IT Security Team, Legal & Compliance Team, Program Leadership, PromiseMeasure (Data & Impact)

About Mentor A Promise

Mentor A Promise (MAP) is a New York City–based nonprofit dedicated to empowering youth experiencing housing instability through mentorship, education, and community. Our work centers dignity, equity, and accountability—ensuring that all systems, partnerships, and practices protect the safety and privacy of the young people and families we serve.

As MAP grows its partnerships and programs, managing data responsibly across both internal teams and external collaborators is essential to maintaining trust and compliance.

About PromiseShield | Privacy, Security & Compliance

PromiseShield is MAP’s division responsible for privacy, compliance, and risk governance. The division ensures that all data—especially student and program data—is handled in accordance with legal requirements, ethical standards, and organizational policies.

PromiseShield protects the organization by strengthening both systems and people.

Role Overview

We are seeking a Third-Party Risk & Privacy Training Coordinator to oversee external data risk management and lead privacy training and awareness across the organization.

This role sits at the intersection of vendor/partner compliance and internal education, ensuring that:

• External partners handle data responsibly
• MAP meets DOE and regulatory expectations
• Staff and mentors are trained to protect sensitive information

The Coordinator plays a key role in reducing both third-party risk and human-driven privacy risks, strengthening MAP’s overall compliance posture.

Key Responsibilities

Third-Party & Vendor Risk Oversight

• Review and assess third-party/vendor data handling practices
• Support compliance with DOE “Outside Provider” requirements
• Monitor and document third-party data risks and mitigation efforts
• Coordinate with Legal & Compliance on vendor-related data governance

Privacy Training & Awareness

• Develop and deliver privacy and data protection training programs
• Promote best practices for handling sensitive data, including student information and PII
• Ensure staff, mentors, and volunteers understand privacy responsibilities
• Track training completion and maintain training records

Compliance & Policy Alignment

• Support alignment with applicable frameworks and regulations, including:
  • FERPA
  • New York SHIELD Act
  • NIST Privacy Framework principles
• Assist in developing internal guidance and training materials
• Support audit readiness and documentation of compliance efforts

Cross-Functional Collaboration

• Partner with IT Security on data protection practices
• Work with Program Leadership to ensure safe data handling in program delivery
• Collaborate with PromiseMeasure to align training with data collection and research practices

Operational Excellence

• Maintain organized records of vendor reviews, training logs, and compliance activities
• Support continuous improvement of privacy awareness and risk management systems
• Maintain timely, professional responsiveness via Google Workspace

Qualifications

Required

• Working knowledge of FERPA and student data privacy requirements
• Familiarity with data privacy and governance principles
• Strong communication and training facilitation skills
• Ability to assess risk and translate requirements into practical guidance
• Strong organizational and documentation skills
• Alignment with MAP’s mission and dignity-centered values

Preferred

• Familiarity with the NIST Privacy Framework and New York SHIELD Act
• Experience in vendor risk management or third-party compliance
• Experience developing or delivering training programs
• Background in nonprofit, education, or youth-serving environments

Commitment

• Volunteer role
• Approximately 5–10 hours per week
• Minimum 6-month commitment preferred
• Fully remote with optional NYC-based collaboration

What You’ll Gain

• Experience in privacy compliance, vendor risk, and training systems
• Exposure to real-world nonprofit data governance and regulatory practices
• Collaboration with legal, technology, and program leadership teams
• Professional references and letters of recommendation
• A meaningful role protecting sensitive data and strengthening organizational integrity

How to Apply

Interested candidates must apply directly through Idealist and submit:

• Resume (required)
• Cover letter (required) describing relevant experience in privacy, training, compliance, or risk management and interest in MAP’s mission

Help ensure that every partnership is responsible—and every person handling data is equipped to do so safely, ethically, and with care.

Thank you for your interest in volunteering with our organization. At this time, volunteer opportunities are limited to individuals based in the United States due to legal, safeguarding, data-privacy, and programmatic requirements. We appreciate your interest in our mission and your understanding of these constraints.