Job Title: Data Privacy & Protection Officer – IRC
Sector: Information Technology
Employment Category: Fixed Term
Employment Type: Full-Time
Open to Expatriates: No
Location: Nairobi, IHUB, Kenya
Work Arrangement: In-person
Job Description
IRC in Europe and Worldwide
The IRC has legal entities in the UK, Germany, Belgium, Sweden, Greece and Poland in addition to other branch offices. Activities in Europe combine country program implementing integration projects for refugees and other vulnerable populations, with representational functions of IRC’s global work vis-à-vis the EU and Member State governments and raising funds for project work worldwide.
IRC also operates in other jurisdictions with differing risk profiles and growing data protection regulation. The growing complexity and scope of our activities across the world sees the need for a dedicated data protection function to ensure IRC’s compliance with local regulations and protect the data of vulnerable persons we serve, of our staff and supporters, and of all other individuals who trust us with their Data.
Purpose of the role
As part of creating a global Data Privacy Team, we are recruiting a Data Privacy Officer to support the creation of a global privacy framework and practice, ensuring the IRC can meet its legal and ethical obligations under all applicable regulatory and ethical frameworks. The Data Privacy Officer will play a key role in advising and supporting staff on questions of privacy and data protection.
Key accountabilities
The Data Privacy Officer will advise and support teams across the IRC in all countries of operation and will further participate in the development, implementation and monitoring of a global data protection program.
Duties will include:
• Providing subject matter expertise on the implementation of data protection measures as required under relevant privacy laws, including the EU GDPR, the Kenya Data Protection Act, various US laws and those of countries in which the IRC operates.
• Acting as a change agent to further embed data protection practices throughout the IRC.
• Working with key partners internally to review projects and related data processing activities to ensure compliance with privacy-by-design obligations and local data privacy law obligations.
• Participating in the development and delivery of both general and function-specific training, and awareness campaigns.
• Supporting, advising on and monitoring PIAs, DPIAs and TIAs as needed.
• Advising IRC teams on the drafting of privacy notices and leading or supporting on DSR response processes.
• Supporting on ROPA maintenance.
• Participate in building a global privacy and data protection framework and practice.
• Leading and rolling out data protection-related projects as part of implementation of the global privacy programme.
• Serving as a point of contact for IRC staff on privacy and data protection-related questions.
Key Working Relationships
Position Reports to: Senior Director Technology, Operations and Information security/ Global Data Privacy Director
Other Internal and/or external contacts:
Internal: IRC staff across all regions, including IT leadership and Office of General Counsel.
External: Industry/sector peers and vendors. Participates in sector discussions on privacy and Data Protection-related issues.
Person specification
Education, Qualifications and Experience
• Masters degree or equivalent in any area related to Data, Data Management, Data Ethics, IT, Information Security, or other relevant field of study.
• A minimum of 4+ years of demonstrated experience in Data Protection programme implementation.
• Excellent applied knowledge of the EU GDPR and other major privacy frameworks of relevance.
• At least one recognized Data Protection certification (CIPP/CIPM/CIPT/ISEB/PECB Certification/Other).
• Experience in developing and delivering policy and compliance training.
• Experience of operating in a sophisticated international environment and providing advice across multiple countries.
• Proficiency in the use of privacy management software is desirable.
• Experience in the humanitarian or non-profit sector is highly desirable.
Demonstrated Skills and Competencies
• Strong project management skills, including the ability to organize time well, prioritize effectively, and prioritize multiple contending needs.
• Demonstrated capacity to be a self-starter and work remotely with limited reliance on supervision.
• A pragmatic and outcomes-based approach.
• Strong discernment as regards risk identification and mitigation.
• Excellent oral and written communication skills in English; French or Arabic a plus.
• Integrity, professional discretion and ability to handle sensitive/confidential matters.
• Proactive, creative problem solver, with excellent judgment and analytical skills.
• Strong, credible communicator, able to listen adeptly and make complex privacy matters understandable to staff.
• Strong curiosity about the work of the IRC and dedication to Data Protection in a humanitarian context.