Data Protection & Privacy Engineering Manager

Position title: Data Protection & Privacy Engineering Manager 

Position type: Temporary until 31 December 2025

Location: Geneva

Purpose of the position: This role is responsible for supporting the development and implementation of the data protection framework, fostering a culture of treating data as an asset and protecting it accordingly, to enable Gavi’s mission.  

Department: Public Engagement and Information Services

Team: Knowledge Management & Technology Solutions

Reports to: Head of Data Governance & Analytics / Data Protection Officer

N° of positions supervised (if applicable): 2-5 managed service resources 

Career step level: 3

BACKGROUND

In 2020, Gavi released its first data governance framework, a set of data policies and data processes to promote the treatment of data as a critical and valuable asset. With this increase in awareness established, the organization is now taking further strides to ensure the safeguarding and protection of our information and data assets accordingly, in line with industry best practices.   

Through identifying, governing, and securing our information and data, the data protection initiative aims to ensure a Gavi working environment that is aligned with international best practice and effectively mitigates any financial and reputational damage to the organization. The mandate for developing and implementing the data protection framework sits within the Knowledge Management & Technology Solution (KMTS) team, who are responsible for leading engagement and collaboration across the organization and with key stakeholders on this topic. 

The Data Protection and Privacy Engineering Manager specializes in data security and privacy. They work with security and data architects as well as project/product managers and data analysts to understand the data protection and engineering needs and requirements of an organization and then apply the best practices and standards to protect the data from unauthorized access, modification, or loss. The Data Protection and Privacy Engineering Manager will be involved in data governance, compliance, auditing, and risk management activities, as well as educating and training other stakeholders on data protection policies and procedures. The Data Protection and Privacy Engineering Manager will also support the implementation of the current Data Protection strategy. They will be responsible for promoting training and awareness campaigns based on internal policies and standards, fostering engagement across stakeholder groups, as well as delivering reports on key data protection initiatives. They will be measured on the ability to effectively support awareness and deliver communication efforts in this area. 

MAIN DUTIES/RESPONSIBILITIES

• Contribute to the development and implementation of Gavi’s data protection vision, strategy, and framework and overseeing the information lifecycle by developing and maintaining policies, standards, and guidelines for data protection, conducting periodic reviews of data governance practices, identifying gaps, and implementing mitigation strategies to reduce risks associated with data handling. 
• Assess, implement, and oversee technologies that enhance data protection, including data loss prevention (DLP), automated classification, anonymization, pseudonymization, and encryption solutions.
• Lead privacy risk management activities, including conducting regular privacy impact assessments (PIA/DPIA), coordinating data mapping efforts, and ensuring compliance with privacy by design principles across the organization.
• Integrate data protection risk assessments, including Data Protection Impact Assessments (DPIAs), into the organisation's overall IT risk management framework, ensuring that privacy risks are effectively identified, assessed, and mitigated in line with enterprise risk management practices.
• Support the Head of Data Governance & Analytics with inquires of data subjects for data protection topics.
• Collaborate with IT and infrastructure teams to ensure that retention, deletion, backup and recovery processes are aligned with data protection policies, including encryption, secure restoration, and proper handling of personal data.
• Lead the data protection working group to ensure compliance, implement Privacy by design, and conduct data mapping and risk assessments across the organization.
• Develop and deliver training and awareness campaigns across the organization.
• Facilitate and support Gavi’s data protection day event.
• Engage project teams with information and data protection requests and support. 
• Lead investigations of privacy breaches and coordinate remediation efforts. 
• Collaborate with the cybersecurity team to improve incident response capabilities.
• Develop metrics and dashboards to track the effectiveness of privacy and compliance programs.
• Prepare and deliver strategic data protection communications and reports for key stakeholders, including senior leadership, in collaboration with change management colleagues as needed. 

Note: The essential functions listed in this section are not exhaustive of the job responsibilities; other duties may be assigned according to the department’s needs.

QUALIFICATIONS

ACADEMIC

• Bachelor's or Master's degree in computer science, information management, law or a related field. 
• Certifications such as CIPP/E, CIPP/US, CIPM, CIPT or CDPSE are mandatory. 
• Project management certifications such as PMI or Agile frameworks are a plus.  

WORK EXPERIENCE

• 5 years of experience in data governance, data protection domains and privacy engineering. 
• At least 2 years of experience in large, cross-functional teams influencing key stakeholders effectively across the organisation and within complex contexts. 

CORE SKILLS/COMPETENCIES

Job-related

The ideal candidate will have: 

• Strong knowledge of data protection laws and regulations such as GDPR, Swiss Federal Act on Data Protection (FADP) with a keen interest to stay informed on trends in data protection laws and best practices.   
• Experience in data protection, data governance, compliance and risks best practices, and the ability to communicate effectively with stakeholders.
• Experience collaborating with data engineering teams and understanding of data modelling, data pipelines, data warehousing, data quality, and data integration is a plus. 
• Proficiency in various data protection technologies and methods, such as encryption, hashing, masking, anonymization, tokenization.
• Experience implementing industry standards and frameworks such as ISO 27701 (Privacy Information Management System), NIST Privacy Framework, GDPR and International Association of Privacy Professionals (IAPP).
• Awareness of emerging trends in privacy, including AI ethics, data sovereignty, and global regulatory changes, with a proactive approach to adapting policies and practices. 
• Excellent written, verbal communication, and presentation skills, with the ability to convey complex privacy and data protection concepts to both technical and non-technical audiences.
• Proficiency in key technology platforms, including M365 (e.g., Microsoft Purview), and experience with BI tools for privacy and compliance reporting. Familiarity with enterprise systems such as SAP and Salesforce are an advantage.
• Strong influencing skills to drive compliance and privacy-by-design and privacy-by-default practices.  
• Skills in developing and delivering data protection training programs and awareness campaigns for employees, leadership, and stakeholders.
• Familiarity with data governance methodologies and frameworks (such as DAMA-DMBOK).
• Experience in developing and maintaining records of processing activities (ROPAs) and ensuring accountability measures are well established. 
• Experience preparing/presenting reports to senior management on data protection status on key metrics.
• Strong expertise in assessing, recommending, and implementing data protection tools and technologies to enhance data security and privacy, with hands-on experience in privacy management software (e.g., OneTrust, TrustArc), data mapping and compliance platforms (e.g: Microsoft Purview).
• Experience performing privacy impact assessments, data protection impact assessments (DPIAs) and privacy risk assessments 

Organizational 

• Ability to collaborate across different teams within the organization. 
• Ability to manage a team with members located locally, nearshore, and offshore.
• Strong customer-oriented service skills.
• Analytical thinker with a proactive approach to identifying, addressing, and resolving issues while offering actionable recommendations.
• Self-starter with a strong ability to take initiative and drive tasks. 

LANGUAGES

• Fluency in written and spoken English is required.
• Any other language would be an advantage.

CONTACTS

• Gavi Secretariat, Business unit leaders and data owners
• Chief Technology and Knowledge Officer, Chief Information Security Officer, IT Operations and Infrastructure team, Security Governance, Risk and Compliance Manager
• Legal and Ethics, Risk and Compliance teams
• Human Resources teams
• Audit and Investigation

Gavi is committed to diversity within its workforce and encourages applications from all qualified candidates.

If you wish to apply, please provide a cover letter and resume through our Careers webpage and apply by clicking on “Data Protection & Privacy Engineering Manager”. The deadline for applications is on the 22nd of January 2025.

Become part of our community and join us on Facebook and Twitter for updates about our mission to save children’s lives! You can also follow our hashtag #vaccineswork. 

In support of Gavi’s commitment to diversity, equality and inclusion, we hire globally and welcome applications regardless of age, disability, ethnicity, national origin, family status, sex, gender identity or expression, physical characteristics, race, religion, spirituality or sexual orientation. Gavi has zero tolerance towards sexual harassment, sexual exploitation and abuse as well as any form of discrimination or harassment. Everyone at Gavi is expected to conduct themselves with integrity and respect towards each other. Gavi is committed to creating a work environment that is safe and professional, therefore all selected candidates will undergo rigorous reference checks. Read more here. 

Gavi brings together the public and private sectors to save lives and protect people’s health by increasing equitable and sustainable use of vaccines against 18 infectious diseases. You will be joining an organisation at the centre of the international COVID-19 response, at the most critical time in global health in a lifetime. You will work in a culturally diverse environment with over 70 nationalities. You will collaborate with partners such as WHO, UNICEF, the Bill & Melinda Gates Foundation, the World Bank – and from business, civil society and government. And you will work in the first global health organisation to receive equal gender salary certification. Your unique experience, skills and talents can help us achieve our vision of leaving no one behind without the life-saving power of vaccines.