Location: Any MSF office*
Contract: Fixed-term, full-time
Duration: 6 months
Starting date: ASAP
Deadline to apply: 11 April 2022
*By default, the successful candidate will be offered a contract in the MSF office of their country of residence at the time of application.
I. MSF INTERNATIONAL
Médecins Sans Frontières (MSF) is an international, independent, medical humanitarian organisation that delivers emergency aid to people affected by armed conflict, epidemics, healthcare exclusion and natural disasters. MSF offers assistance to people based only on need and irrespective of race, religion, gender or political affiliation.
MSF International is the legal entity that binds MSF’s 23 sections, 26 associations and other offices together. Registered in Switzerland, MSF International provides coordination, information, and support to the MSF Movement, as well as implements international projects and initiatives as requested.
II. POSITION BACKGROUND
MSF is committed to protecting and responsibly managing data entrusted in the organization. Notably, it recognizes the critical importance of assessing and mitigating risks related to data/digital data that could harm individuals (data subjects such as patients, donors, or MSF staff) and/or MSF operations.
III. PLACE IN THE ORGANISATION
The Data Protection and Digital Risk Advisor is part of IPCO team (MSF International Privacy Coordination Office) of MSF International. IPCO has two functions. First, it is responsible for coordinating data protection efforts across the Movement and the development of global data protection policies and cross-border processes required to ensure MSF responsibly manages and protects the data entrusted to the organization, in line with its humanitarian mandate. Secondly, IPCO is tasked with carrying out the function of Data Protection Officer for MSF International.
The Data Protection and Digital Risk Advisor reports to Head of IPCO. He/ she will collaborate with cross-functional teams, conduct interviews and work closely with MSF data protection stakeholders, function line specialists (medical, HR, fundraising, communication etc.), the international legal department, and MSF information security experts to promote quality, fit-for-purpose, and coherent data protection and digital risks’ expertise and practices.
IV. OBJECTIVES OF THE POSITION
The purpose of the position of Data Protection and Digital Risk Advisor is to lead the development of a methodology for risk assessment that would allow to identify and prioritize potential risks/ harm to people and/ or MSF operations that are caused by or related to the data MSF processes.
The strategic objective is to identify where the main risks are, in line with MSF mandate – thus allowing MSF to prioritize its data protection and digital risks efforts (in terms of awareness, prevention, policy, etc.).
V. MAIN RESPONSIBILITIES
1. Methodology Development: Create and test a practical and comprehensive methodology for non-specialists on assessing, mapping, and prioritizing data-related risks (notably data protection, responsible data management, digital risks).
Collaborate with functional lines (medical, HR, fundraising, communication etc.), DPOs, legal, InfoSec/ IT teams to understand existing processes and identify gaps.Develop a step-by-step methodology that covers risk identification, assessment, and prioritization based on potential harm to individuals and organizational impact.2. User-Friendly Approach: Ensure the methodology is tailored to MSF activities, devoid of jargon, and easily understandable by non-technical stakeholders.
Ensure clarity, simplicity, and relevance for non-specialists.3. Data Asset Mapping: Develop guidelines on effectively mapping data assets.
Create guidelines for mapping data assets, considering various data types (personal and non-personal, sensitive, etc.).Simplify terminology and provide practical examples related to MSF practice.4. Training Program: Design a training program to educate staff on applying the methodology.
Develop training materials (e.g., presentations) based on the methodology and MSF practice.Conduct workshops or webinars to train staff in risk assessment techniques.5. Research and Stakeholder Engagement: Conduct literature reviews, internal interviews, and external consultations to inform the methodology.
Review relevant literature, frameworks, and best practices.Interview internal stakeholders (e.g., data custodians) to understand their workflows and data handling.Engage with external experts or consultants, if necessary.