Data Protection Officer

Médecins Sans Frontières

Organization

Doctors Without Borders/Médecins Sans Frontières (MSF) is an international humanitarian organization that delivers impartial medical care to people affected by conflict, epidemics, disasters, or exclusion from health care in over 70 countries.

We welcome candidates who bring a wide variety of backgrounds and experiences to join us in working toward MSF’s common mission.

Department

The Data Protection Officer ensures that MSF USA is compliant with the legal framework applicable to data protection as intended by GDPR and the local applicable regulations. The DPO will be a member of the newly formed Information Security and Privacy Compliance team within the Executive Office at MSF-USA, reporting to the Director of Information Security and Privacy Compliance.

Project

  1. Manage Data Protection Compliance and Mainstreaming (40%)

Ensure that MSF USA complies with all applicable regulations relating to data protection, privacy, and security of personal data.

Develop, implement, and enforce a suitable and relevant data protection policy. This will initially involve identifying the gaps between the current state of data protection within MSF and the requirements of applicable privacy laws including setting out a roadmap (based on the MSF Baseline Framework and on priority identified risks) for achieving acceptable levels of data protection across the Organization.

Establish a formal Data Protection Committee tasked with ensuring ongoing oversight of all data protection requirements. Inform the Data Protection Committee of any risks identified in the day-to-day handling of personal data within MSF USA.

Update procedures and internal guidance where necessary relating to the processing of personal information. Maintain a register documenting all personal information processing activities and legal basis within MSF USA.

Manage all data protection incidents, including notification to relevant authorities and relevant individuals as required.

Liaise with the Information Security Officer to establish and maintain a register of information owners for sets of information and educate the information owners on their responsibilities (what is the data, how is it used, who has access to it).

Ensure that data protection impact assessments are performed when appropriate (e.g. major system or product developments etc.).

Develop or advise on the development of new policies and/or best practice with regard to data sharing internally between departments, within the MSF Movement between Sections or with external third parties, and sit on relevant working groups, platforms and other forums to represent MSF USA as appropriate.

Consult internally and with the wider MSF movement to develop an action plan for how privacy by design and default can be mainstreamed within MSF USA, to enable the organization to move from a culture of compliance to positive mainstreaming of privacy as a humanitarian right.

Advise the MSF USA Management Team on how Diversity and inclusion (D&I) strategic initiatives integrate Privacy by Design and Default, while also ensuring that privacy initiatives mainstream (D&I) under a common human rights framework.

2. Monitor Data Protection Compliance and Mainstreaming (30%)

Develop and implement a procedure for regular reviewing of compliance with relevant legislation and related organizational policies, doing so in a fully independent manner. The reviews should include third-party data processors used by MSF USA.

Highlight and develop solutions for any issues relating to the fair obtaining, use and storage of personal data, information quality and integrity, technical and organizational security.

Act as the contact point for the International Data Protection Taskforce responsible for monitoring the overall compliance of the MSF Movement, providing updates on the status of MSF USA as requested, and participate as an active member of the taskforce.

Provide comprehensive annual reports on MSF USA’s data protection compliance, training and awareness to the Data Protection Committee and to the MSF International Privacy Coordination Office (IPCO) as part of the annual privacy monitoring exercise across the MSF Movement.

3. Training & Awareness (30%)

Provide advice and training to staff and managers to raise awareness and understanding about their responsibilities regarding data protection and other associated legislation or good practice.

Develop and implement a strategy to ensure that data protection mainstreaming is part of the culture within MSF USA and is understood as an opportunity rather than a constraint.

Ensure written information on data protection is available for provision to donors, partners, vendors, and employees, including appropriate privacy notices etc.

Continue to keep abreast of developments in the field of data protection. Keep the Data Protection Committee informed of new developments and make recommendations for changes to policies and procedures where appropriate

Tasks

In this Role, we can expect:

In Three Months

  • Review MSF-USA’s strategic plan and propose ways to address gaps in the legal and policy framework
  • Develop working relationships with the risk management team, general counsel, and information security as well as other stakeholders in the technology and fundraising teams respectively.

In Six Months

  • Align proposed privacy and data protection initiatives and outcomes with MSF-USA’s strategic plan. Proposed initiatives here should have buy-in from senior leadership.
  • Establish working relationships with international privacy and data protection stakeholders within MSF movement
  • Develop policies, training and change management initiatives as needed for MSF-USA.

In One Year

  • Mainstream privacy and data protection into relevant governance and risk management structures within MSF-USA.
  • Participate in MSF movement wide platforms and committees around privacy and data protection.

Qualifications

Required

  • Genuine interest in and commitment to the humanitarian principles of MSF.
  • At least 2 years of significant relevant experience in a similar role within an organization of similar size and structure and with numerous cross-border data flows.
  • A good foundation of Privacy Law, technology, and project management.
  • Relevant academic degree or equivalent significant experience within the area (IT, law, audit, risk analysis, compliance, management, project management, change management, policy development, governance, mainstreaming change).
  • Experience with Privacy Management Software like One Trust
  • Expertise in designing and implementing data protection and privacy compliance.
  • Ability to audit data management systems.
  • Confidence in providing advice to staff at all levels across the Organization and to take and defend a minority position where necessary.
  • Experience developing and delivering guidance, advice and training to staff about their responsibilities regarding data protection.
  • Sufficient knowledge around technology issues and understanding in terms of data storage, retrieval and information security. Will be required to discuss requirements and solutions confidently with technology staff.
  • Recommend technology best practices such as privacy-by-design.
  • Strong communication skills and the ability to explain complex matters in simple terms.
  • A commitment to advancing Equality, Diversity and Inclusion (EDI) across the MSF Movement, and an understanding of how privacy and EDI mainstreaming can be aligned under a common human rights framework in MSF.

Expected to work in a hybrid work environment with the ability to come into either the NYC office or regional hub (Washington, DC or Bay Area, California) a minimum of 2 times a week.

We offer a generous comprehensive benefits package inclusive of Wellness initiatives to support a healthy work life balance

No phone calls or emails please. Only shortlisted candidates will be contacted

Application Deadline: March 31, 2023

Your Safety Matters: Vaccination and booster against COVID-19 is a requirement at MSF – USA

Equal Employment Opportunity and Non-Discrimination:

MSF-USA is committed to building a diverse, unbiased, and inclusive workforce. MSF-USA is an equal opportunity employer; we recruit, hire, train, promote, develop, and provide other conditions of employment without regard to a person’s gender identity or expression, sexual orientation, race, religion, age, national origin, disability, marital status, pregnancy status, veteran status, genetic information, or any other differences consistent with applicable laws. This includes providing reasonable accommodation for disabilities, or religious beliefs and practices. Members of communities historically underrepresented in the Humanitarian Aid sector are encouraged to apply.

If you have a disability of some kind and are interested in applying for employment and need special accommodations to use our website to apply for a position, please contact Human Resources by emailing us: [email protected]. Reasonable accommodation requests are considered on a case-by-case basis.

How to apply

https://jobs.doctorswithoutborders.org/job/New-York-City-Data-Protection-Officer-NY-10006/998555500/


Deadline: 31 Mar 2023