Back Data Protection and Digital Risk Advisor (Risk/ Harm Assessment Methodology)

Location: Any MSF office*

Contract: Fixed-term, full-time

Duration: 6 months

Starting date: ASAP

Deadline to apply: 11 April 2022

*By default, the successful candidate will be offered a contract in the MSF office of their country of residence at the time of application.

I. MSF INTERNATIONAL

Médecins Sans Frontières (MSF) is an international, independent, medical humanitarian organisation that delivers emergency aid to people affected by armed conflict, epidemics, healthcare exclusion and natural disasters. MSF offers assistance to people based only on need and irrespective of race, religion, gender or political affiliation.

MSF International is the legal entity that binds MSF’s 23 sections, 26 associations and other offices together. Registered in Switzerland, MSF International provides coordination, information, and support to the MSF Movement, as well as implements international projects and initiatives as requested.

II. POSITION BACKGROUND

MSF is committed to protecting and responsibly managing data entrusted in the organization. Notably, it recognizes the critical importance of assessing and mitigating risks related to data/digital data that could harm individuals (data subjects such as patients, donors, or MSF staff) and/or MSF operations.

III. PLACE IN THE ORGANISATION

The Data Protection and Digital Risk Advisor is part of IPCO team (MSF International Privacy Coordination Office) of MSF International. IPCO has two functions. First, it is responsible for coordinating data protection efforts across the Movement and the development of global data protection policies and cross-border processes required to ensure MSF responsibly manages and protects the data entrusted to the organization, in line with its humanitarian mandate. Secondly, IPCO is tasked with carrying out the function of Data Protection Officer for MSF International.

The Data Protection and Digital Risk Advisor reports to Head of IPCO. He/ she will collaborate with cross-functional teams, conduct interviews and work closely with MSF data protection stakeholders, function line specialists (medical, HR, fundraising, communication etc.), the international legal department, and MSF information security experts to promote quality, fit-for-purpose, and coherent data protection and digital risks’ expertise and practices.

IV. OBJECTIVES OF THE POSITION

The purpose of the position of Data Protection and Digital Risk Advisor is to lead the development of a methodology for risk assessment that would allow to identify and prioritize potential risks/ harm to people and/ or MSF operations that are caused by or related to the data MSF processes.

The strategic objective is to identify where the main risks are, in line with MSF mandate – thus allowing MSF to prioritize its data protection and digital risks efforts (in terms of awareness, prevention, policy, etc.).

V. MAIN RESPONSIBILITIES

1. Methodology Development: Create and test a practical and comprehensive methodology for non-specialists on assessing, mapping, and prioritizing data-related risks (notably data protection, responsible data management, digital risks).

2. User-Friendly Approach: Ensure the methodology is tailored to MSF activities, devoid of jargon, and easily understandable by non-technical stakeholders.

3. Data Asset Mapping: Develop guidelines on effectively mapping data assets.

4. Training Program: Design a training program to educate staff on applying the methodology.

5. Research and Stakeholder Engagement: Conduct literature reviews, internal interviews, and external consultations to inform the methodology.