Mercy Corps
Location: Remote
Position Status: Full-time – 3 to 6 months duration
About Mercy Corps
Mercy Corps is powered by the belief that a better world is possible. To do this, we know our teams do their best work when they are diverse and every team member feels that they belong. We welcome diverse backgrounds, perspectives, and skills so that we can be stronger and have long term impact.
The Program / Department / Team
The Data Protection and Privacy team works to transform the way Mercy Corps secures and handles personal information and sensitive data. To this end, the program focuses on a variety of privacy, data protection and security awareness efforts across the agency. The team sits under Mercy Corps Global IT, and works with global team members, with key stakeholders in Legal, Compliance, and Programs.
The Position
Provide technical, logistical and project management support for data protection and privacy activities as part of Mercy Corps’ emergency response in Ukraine and nearby countries. Serve as subject matter expert for data protection, privacy and security awareness for local teams and partners. Analyze responsible data needs of response activities in Ukraine and identify opportunities for improvement. Assist with content development, presentations, training and other materials as needed.
Essential Responsibilities
- Provide technical, logistical and project management support as part of implementing Data Protection and Privacy activities for Ukraine response.
-
Serve as subject matter expert for data protection, privacy and security awareness. This includes advocacy and support for compliance with:
-
Mercy Corps’ Responsible Data Policy, related policies, best practices and procedures
-
Regional and/or national data protection laws as they apply to Mercy Corps and Mercy Corps-funded programs, including GDPR, in Ukraine and response efforts in EU and non-EU member countries.
-
Mercy Corps’ Information Security policies and procedures
-
Key compliance activities:
-
Act as data protection point of contact to Ukrainian ombudsman (per The Law of Ukraine No. 2297 VI ), Moldovan The National Centre for Personal Data Protection (“NCPDP”) (per Moldovan law 133 and 182) and Dutch Autoriteit Persoonsgegevens (AP) as Mercy Corps’ lead authority within the EU. Make all necessary registrations and notifications to all relevant authorities and coordinate with local teams and program leads to establish process for any required notification to data subjects
-
Work with legal counsel to ensure that adequate safeguards are in place to ensure sufficient protection and legal international transfers of personal data, particularly from non-EU member states that have restrictions on international transfers.
-
Review and advise on Data Sharing Agreements (DSA) from or with third parties, and work with others to develop templates and guidance on the DSA process.
-
Analyze and assess local teams and partners for their data protection and privacy needs and capacity to be GDPR compliant. Identify opportunities for improvement and mitigation strategies.
-
Create a GDPR-compliant protocol for participant information gathering in both EU and EU-adjacent countries, for use in proposals and other activities
-
Create process for managing and complying the rights of a data subject as defined by the GDPR (right of access, right to be forgotten, right to rectification, right to data portability and right to restricted processing)
-
Create and work with key stakeholders to update and maintaining a Record of Processing Activities in line with article 30 of the GDPR
-
Coordinate GDPR and data protection activities with other cash/program consortium members
-
Support creation and updating of Privacy Impact Assessments and appropriate policy documents for special category sensitive data
-
Lead or co-lead data protection-related meetings and trainings, such as GDPR compliance
-
Create or co-create training and assessment materials, documentation and templates, both for local teams and partners
-
Craft and send communications on cybersecurity, data protection and privacy via email, internal platforms, and regular reports
-
Continuously document the data protection, privacy and security needs, activities and corresponding deliverables tied to the Ukraine response
-
Additional duties as assigned
Supervisory Responsibility
None
Accountability
Reports Directly To: Ukraine Response Director and Global Data Protection and Privacy Director
Works Directly With: Ukraine response team members and program stakeholders, global Data Protection and Privacy, Programs, Compliance and Legal teams.
Accountability to Participants and Stakeholders
Mercy Corps team members are expected to support all efforts toward accountability, specifically to our program participants, community partners, other stakeholders, and to international standards guiding international relief and development work. We are committed to actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects.
Minimum Qualification & Transferable Skills
- 5+ years of project management and business analysis
- 2+ years of experience with data protection, privacy or responsible data activities. Must include at least one year of hands-on experience with GDPR compliance activities.
- Experience with digital security awareness topics and best practices, particularly cybersecurity
- Experience with remote facilitation and training
- Experience working in a diverse global organization. Experience with international development is preferred
- IAPP certification is strongly preferred.
- Experience with GSuite (Google) and Microsoft 365 is preferred.
- Fluency in English is required. Capacity in Ukrainian and/or Russian language is preferred
Success Factors
Ability to work independently and collaboratively with multi-disciplinary teams. Ability to understand quickly the business issues and data challenges of the organization. Effective verbal and written communication skills. Ability to communicate business cases and build consensus. Ability to conceptualize and design new processes and identify how changes will impact current processes. Adept at proposing options for managing change in a cost-effective manner. Strong analytical skills. Must be organized, have an eye for detail, and be able to put ideas into a tangible form. Ability to prioritize and manage work to critical project timelines.
Living Conditions / Environmental Conditions
The position is 100% remote and does not need to be based near a Mercy Corps office. The position will be primarily supporting European stakeholders and may require work outside of a traditional schedule to accommodate time zone differences. This position also has potential for up to 30% travel to support country programs, which may include travel to insecure locations where freedom of movement is limited and areas where amenities are limited. Housing for this role is in individual housing and staff will have access to good medical services and the living situation is of a high standard.
Ongoing Learning
In support of our belief that learning organizations are more effective, efficient and relevant to the communities we serve, we empower all team members to dedicate 5% of their time to learning activities that further their personal and/or professional growth and development
Diversity, Equity & Inclusion
Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives.
We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.
Equal Employment Opportunity
Mercy Corps is an equal opportunity employer that does not tolerate discrimination on any basis. We actively seek out diverse backgrounds, perspectives, and skills so that we can be collectively stronger and have sustained global impact.
We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.
Safeguarding & Ethics
Mercy Corps is committed to ensuring that all individuals we come into contact with through our work, whether team members, community members, program participants or others, are treated with respect and dignity. We are committed to the core principles regarding prevention of sexual exploitation and abuse laid out by the UN Secretary General and IASC. We will not tolerate child abuse, sexual exploitation, abuse, or harassment by or of our team members. As part of our commitment to a safe and inclusive work environment, team members are expected to conduct themselves in a professional manner, respect local laws and customs, and to adhere to Mercy Corps Code of Conduct Policies and values at all times. Team members are required to complete mandatory Code of Conduct elearning courses upon hire and on an annual basis.