Data Protection Officer (DPO) (m/f/d)

Background:

The Syria Recovery Trust Fund (SRTF) was established for the financing of reconstruction activities to rebuild the country and alleviate the suffering of the Syrian people as a result of the ongoing conflict. The SRTF was created to provide the international community with a vehicle to offer financial support to the National Coalition for responding to the needs of the Syrian people.

The Management Unit (MU) was established to manage the Fund and its allocations to projects addressing reconstruction, recovery, and stabilisation to alleviate the suffering of the Syrian people.

Governing bodies of SRTF are:

• The Steering Board (SB), with frequent meetings two times a year.
• The Management Committee (MC), meeting every three months.
• The Director General of SRTF (DG).

General:

The Data Protection Officer (DPO) will be responsible for overseeing the company's data protection strategy, ensuring compliance with the relevant applicable laws of Jordan including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto, and acting as the point of contact for data protection-related queries, which will also include the company, its shareholders, departments, services providers and any other institution associated with the company as determined by the company from time to time (Group).

While the primary focus is on the laws pertaining data protection including the Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto, knowledge of MENA, Turkey, GDPR and EU rules would be considered an asset.

Key Responsibilities

1. Data Protection Strategy:

• Develop, implement, and monitor the company's data protection strategy to ensure compliance with relevant applicable laws, regulations and instructions issued pursuant thereto.
• Stay updated on changes in relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto and inform the Group as well as other relevant stakeholders about their implications.
• Utilise knowledge of GDPR and EU data protection rules as an asset in enhancing the overall data protection practices of the company and the Group.

1. Privacy Compliance:

• Monitor, ensure and document the company's compliance with data protection laws, including but not limited to Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto, GDPR, and other relevant regulations and instructions.
• Conduct regular privacy impact assessments and audits to identify and mitigate potential risks. Additionally, perform assessments and examinations of database systems, data processing systems, and systems for maintaining the security, integrity, and protection of data in the company and the Group.
• Provide recommendations based on the results of assessments and examinations for data protection and monitor the implementation of such recommendations.

1. Point of Contact:

• Act as the main point of contact for data protection authorities, security, and judicial authorities.
• Act as the main point of contact for data protection matters with the employees, staff, advisors and other institutions within the Group as well as external parties associated therewith.
• Collaborate with other departments within the Group to address and resolve privacy-related issues.

1. Employee Training:

• Develop and deliver training programs on data protection and privacy for employees, staff, and advisors within the Group as well as the relevant data processors.
• Raise awareness of data protection policies and best practices across the company and the Group.

1. Rights of the “concerned person/ data subject”:

• Enable concerned persons /data subjects to exercise their rights over their data in accordance the relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto.
• Develop internal rules and polices for receiving and handling requests for data correction, erasure, concealment, or transfer made by concerned persons /data subjects in accordance with the applicable laws and regulations.

1. Data Breach and Complaints:

• Develop internal rules for receiving and handling complaints in accordance with the relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto.
• Develop and maintain a data breach response plan, ensuring timely and effective responses to incidents.
• Work with relevant stakeholders including the department within the Group to investigate and report on data breaches as required by the relevant applicable laws.

1. Data Mapping and Classification:

• Collaborate with IT and other relevant departments within the Group to map and classify data according to its sensitivity.
• Ensure that appropriate security measures are in place for different categories of data.

1. Documentation and Record-Keeping:

• Maintain records of data processing activities and privacy-related documentation.
• Ensure that data protection policies and procedures are documented and regularly reviewed.
• Perform any other tasks or responsibilities assigned to him/her in accordance with the relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto.

Minimum qualifications

• Bachelor's degree in a relevant field (e.g. Information Technology, Law, Business);
• Certification in data protection or privacy (e.g. Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP)) is a plus;
• 3 years of relevant experience in data protection and privacy;
• Excellent written and verbal communication skills.

Soft skills

• Strong understanding of data protection laws and regulations;
• Excellent communication and interpersonal skills;
• Ability to work collaboratively with cross-functional teams;
• Detail-oriented with strong analytical and problem-solving skills.

______________________________________________________________

Diversity, Equity & Inclusion

Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives.

Equal Employment Opportunity

We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination based on race, colour, gender, religion, age, ethnic origin, disability, or any other protected group in the locations where we work.

Ethics

Team members are expected to conduct themselves in a professional manner and respect local laws, customs, and GOPA/ SRTF Project policies, procedures, and values all the time and in all in-country venues.

GOPA/ SRTF Project has the right to select one or more candidates from this vacancy announcement. We may also retain applications and consider candidates applying to this post for other similar positions with GOPA/ SRTF Project at the same grade level and with similar job descriptions, experience, and educational requirements.

This Job Description only serves as a guide for the position available. GOPA/ SRTF Project reserves the right to amend this document.

We can work together on it.