Job Overview:
As stewards of personal data belonging to clients, staff, donors, and other parties, the IRC must navigate complex legal requirements and ethical considerations to protect their rights and ensure compliance. The IRC collects highly sensitive data through its operations across the globe and relies on thousands of staff across 50 countries to uphold the organization's legal and ethical obligations to protect this data to the greatest extent possible.
Despite the significant risks associated with mismanagement, non-compliance, and breaches, there has been an extended absence of global leadership and coordination in data protection. As of FY24, only CRRD has practice-oriented support for privacy and data protection through the Data Protection and Ethics Specialist (DP&E). Other business units currently lack formal coverage and accountability for data protection issues aside from support provided by OGC and their proactive work on regulatory compliance.
To address this gap and mitigate IRC’s global risk, the Privacy and Data Protection Lead will set the strategic agenda and priorities for data protection. This role will be responsible for developing and implementing a global data protection program based on international standards and best practices, working in close collaboration with global leadership in OGC, IT, RAI & CRRD Programs and AMU. This role will assume many of the existing responsibilities of the DP&E and extend accountability to a global remit.
The Privacy and Data Protection Lead will serve as the primary point of escalation for Data Protection issues, working in collaboration with OGC, Global IT and other business units to coordinate and manage technical support and improve practice. This role will coordinate Data Protection focal points across IRC business units through a dedicated coordination body and support structure.
Core areas of oversight:
· Privacy and Data Protection Strategy
· Privacy Risk Management
· Front-line Technical Support
· Data Protection Training and Awareness Raising
Management balance:
FY25 – FY26
60% Global, 40% CRRD
The first year will require additional time spent with other business units: learning structures, building relationships, assessing practice, and establishing a global coordination mechanism and practice group.
Personal data of CRRD clients remains the most important area of focus and that which presents the most significant gaps and challenges.
Responsibilities (FY25 and FY26 visibility):
1) Develop strategy and workplan for global Privacy program.
2) Register of Processing Activities
· Establish and support maintenance of a register of personal data processing activities (ROPA), ensuring compliance with relevant data protection regulations such as GDPR. Collaborate with all IRC departments to ensure timely and accurate reporting and maintenance of the ROPA.
3) Compliance and Risk Management
· Advise IRC offices on compliance issues relating to Privacy and Data Protection in collaboration with OGC, ensuring adherence to relevant laws, regulations, and internal and donor policies (contributes to technical support objective).
· Conduct and/or support delivery of Data Protection Impact Assessments (DPIA) for large-scale, systematic and privacy-invasive activities to identify and mitigate data protection risks. Provide resources and technical support to staff assessing risk of data processing activities.
· Support IRC staff on contractual arrangements with donors, service providers and partners involving the shared processing, sharing or transfer of personal data.
· Work with other departments to ensure adequate procedures and planning are in place to respond to breaches and security incidents.
· Remain apprised of regulatory trends and newly emerging risks relating to personal data protection. Advise stakeholders including country, regional and global leadership of changes when relevant.
4) Coordination
· Develop terms of reference for Global Privacy and Data Protection practice group, assembling key stakeholders across business areas and disciplines to proactively address systematic and organizational data protection issues.
· Coordinate internal and external experts on Privacy topics to host regular information and training sessions for IRC staff.
· Engage with peer organizations to improve alignment and advocate on key data protection issues with donors, institutions and other actors.
5) Policy and Resources
· Implement a comprehensive data protection policy and a supporting policy for data sharing and data transfers.
· Lead communications campaign to support policy roll-out, presenting policy and compliance across organizational units.
· Contribute to development of governance for systems containing personal data, based on sensitivity and risk, to ensure adequate protection measures are applied.
· Develop and deploy data protection toolkit, providing resources to staff to enable adequate safeguarding of all personal data.
· Equip data protection focal points with the necessary knowledge and resources to conduct core data protection activities and identify challenges which need to be addressed by existing guidance resources or escalated for technical assistance.
6) Accountability
· Identify and document focal points for data protection in all areas of the IRC where personal data is processed. Verify and document points of contact for regulatory authorities, where required.
· Represent the IRC when liaising with external parties (host governments, donors, other institutions) on Privacy and Data Protection issues, when appropriate.
7) Training and Awareness
· Ensure all IRC staff have access to adequate training resources on Privacy and Data Protection.
8) Technical Support and Advice
· Establish a global technical support channel on questions of data protection and privacy-invasive challenges across the IRC – led by Privacy and Data Protection Lead, in collaboration with OGC, IT and other relevant units.
· Advocate and ensure data protection is represented and is a core consideration in organizational processes which involve decision making about processing and protection of sensitive personal data (IRB, working groups, etc.).
Key working relationships:
Position has shared management structure, reporting to Sr. Director, Data (IT O&S) and Sr. Director, Measurement Unit (CRRD, TechEx)
Position directly supervises: None
Works closely with:
· Sr. Director – Data
· Sr. Director – Measurement, CRRD
· Associate General Counsels, OGC
· Delegated focal points from global IT and Information Security functions
· Delegated Data Protection Officers
· Deputy Director – Measurement, RAI
· Data and Technology Practice Leads – Tech Ex
· Regional Measurement Advisors and MEAL Technology Specialists
· Delegated focal points from Learning and Development
· Data Protection Officer, Signpost
Standard of Professional Conduct: The IRC and the IRC workers must adhere to the values and principles outlined in the IRC Way – our Code of Conduct. These are Integrity, Service, Accountability, and Equality.