Mercy Corps is hiring a
Position Description
Location: UK - flexible remote within UK or NL
Position Status: Full-time, 12 months fixed term (leave cover)
Salary: UK: circa 37 - 42K ; NL: circa 39K- 45K - circa ranges flexible based on professional experience
Closing date: Candidates must submit applications before february 16th
Candidates must have the independant right to work in UK or NL at the time of appointment.
Mercy Corps is powered by the belief that a better world is possible. To do this, we know our teams do their best work when they are diverse and every team member feels that they belong. We welcome diverse backgrounds, perspectives, and skills so that we can be stronger and have long term impact.
Team
The role would be responsible for the leadership of the data protection function at Mercy Corps in Europe and will report to the Director of Compliance, Governance and Risk.
The role will be responsible for the leadership of the data protection function across Mercy Corps in Europe (MCinE). The role will also lead on delivery, maintenance and ongoing improvement of MCinE’s strategic approach to data protection and its data protection framework, to ensure compliance with relevant law(s) and regulation(s). In particular, ensuring that MCinE reviews, develops, implements and evidences a compliance programme which meets the requirements of the UK European General Data Protection Regulation and EU GDPR as appropriate. The role has supervisory responsibilities for the Data Protection Officer (based in The Hague).
● Lead and provide oversight of data protection within Europe and represent and advocate for the requirements of MCE and MCNL on matters of data protection at the global level.
● To act as MCE’s Data Protection Officer, the statutory role defined in Articles 37-39 of the General Data Protection Regulation.
Data Protection and Privacy:
● Review, develop, implement, and evidence a compliance programme which meets the requirements of the UK European General Data Protection Regulation and EU GDPR as appropriate.
● Monitor changes to regulatory requirements resulting from the data reform bill and ensure that all policies and stakeholders are updated accordingly.
● Develop and maintain a compliance framework which fulfils MC in E’s obligations to meet the regulatory and operational requirements of the General Data Protection Regulation and any other regulatory domains that may be required.
● Design and deliver effective audits to ensure compliance of key processes
● Advise on cross border transfer requirement including Standard Contractual Clauses
● Establish, undertake and maintain a programme of policy review and development to ensure robust and systematic arrangements in relation to data management related agendas.
● Carry out regular reviews of the ROPA with department leads and provide advice and guidance.
● Develop and lead training and awareness of data protection across MCE and promote a privacy first mindset. In association with department heads identify the needs and lead an on-going suite of data protection awareness programmes tailored to meet the needs of team members and ensure all team members are aware of their responsibilities regarding data protection.
● Work in collaboration with the MCE-IT team to develop and deliver training and awareness on information and cyber security.
● Work with the global Data Protection and Privacy team to establish, develop and maintain data quality standards and associated audit processes to ensure that the quality standards are maintained and to ensure that all data subject to the GDPR is processed in compliance with the GDPR. Advocate for necessary changes and improvements to global ways of working including but not limited to enterprise systems by taking an active part in various global working groups as appropriate.
● Review Privacy Impact Assessments where appropriate on processing of personal data and ensure that all new systems implement privacy by design.
● Lead on driving forward the implementation of existing data protection policies and practices within departments to ensure that MCE embeds a compliant and auditable data protection and management framework that provides assurance of compliance with the General Data Protection Regulation and associated legislation.
● Act as internal point of contact on European data protection and privacy issues including providing pragmatic advice and guidance to colleagues operating in a global context as well as providing updates, advice and guidance to the ESLT.
● Work in collaboration with the Director of Compliance Governance and Risk to develop and update a data protection risk register.
● Build and nurture constructive relationships with key stakeholders across the agency.
● Co-operate with and act as point of contact for the Information Commissioner’s Office as the supervisory authority and any other statutory body in relation to the provision of information as MCE’s first point of contact and where necessary cooperate with any other Data Protection Authority.
● Manage the MCinE data protection email address.
● Produce an annual report on data protection for the executive director and provide regular updates to the MCinE Data Oversight group.
● Serve as part of the MCinE Data Oversight group.
Data Protection Officer (based in The Hague)
Reports Directly To: Director of Compliance, Governance and Risk
Works Directly With: Operations team, IT Infrastructure Manager, Executive Director- Europe, Managing Director- Mercy Corps Netherlands, Global Data Protection and Privacy Team, Global IT team
Mercy Corps team members are expected to support all efforts toward accountability, specifically to our program participants, community partners, other stakeholders, and to international standards guiding international relief and development work. We are committed to actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects.
● Data protection qualification (such as IAPP) or relevant degree preferred but not essential
● 4+ years of experience as a in a Data Protection related role
● Knowledge of EU General Data Protection Regulation (GDPR) as well as International data protection rules.
● Adapt to shifting priorities, work well under pressure, and adhere to deadlines
● Strong written and verbal communication skills including presentation and facilitation capabilities
● Proven self-starter and ability to work independently is a necessity
● Demonstrated project and change management skills
● Familiarity with sector preferred but not essential
● Detail oriented and resilient.
● Excellent communication across varied audiences and interpersonal skills - providing advice without jargon.
● Ability to work collaboratively and effectively with stakeholders across the organization.
Living Conditions / Environmental Conditions
The position is based in Edinburgh and it requires up to minimal travel to support country programs, which may include travel to insecure locations where freedom of movement is limited and areas where amenities are limited. Housing for this role is in individual housing and staff will have access to good medical services and the living situation is of a high standard.
In support of our belief that learning organizations are more effective, efficient and relevant to the communities we serve, we empower all team members to dedicate 5% of their time to learning activities that further their personal and/or professional growth and development
Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives.
We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.
Equal Employment Opportunity
Mercy Corps is an equal opportunity employer that does not tolerate discrimination on any basis. We actively seek out diverse backgrounds, perspectives, and skills so that we can be collectively stronger and have sustained global impact.
We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.
Mercy Corps is committed to ensuring that all individuals we come into contact with through our work, whether team members, community members, program participants or others, are treated with respect and dignity. We are committed to the core principles regarding prevention of sexual exploitation and abuse laid out by the UN Secretary General and IASC and have signed on to the Interagency Misconduct Disclosure Scheme. We will not tolerate child abuse, sexual exploitation, abuse, or harassment by or of our team members. As part of our commitment to a safe and inclusive work environment, team members are expected to conduct themselves in a professional manner, respect local laws and customs, and to adhere to Mercy Corps Code of Conduct Policies and values at all times. Team members are required to complete mandatory Code of Conduct elearning courses upon hire and on an annual basis.
As a safeguarding measure, Mercy Corps screens all potential US-Based employees. This is done following the conclusion of recruitment and prior to assuming full employment.
Our screening process is designed to be transparent and completed in partnership with new Team Members. You will have the opportunity to disclose any prior convictions at the conclusion of the recruitment process before the check is initiated. We ask that you do not disclose any prior convictions in your application materials or during the recruitment process.