Compliance Manager (Regulatory Change, Legal and Privacy)


Doctors Without Borders/Médecins Sans Frontières (MSF) is an international humanitarian organization that delivers impartial medical care to people affected by conflict, epidemics, disasters, or exclusion from health care in over 70 countries.

We welcome candidates who bring a wide variety of backgrounds and experiences to join us in working toward MSF’s common mission.



The Executive Department works in conjunction with the Board of Directors to guarantee the overall functioning of MSF-USA and MSF-USA's involvement in the larger MSF movement. 



The Compliance Manager (Regulatory Change, Legal and Privacy) plays a critical role within MSF-USA. Reporting to the Director of Internal Operations and to the Governance, Risk and Compliance (GRC) Committee, the Compliance Manager (Regulatory Change, Legal and Privacy) is responsible, in close collaboration with the Directors and Business unit managers of the respective areas, and the Systems team, for the development and implementation of MSF USA’s Corporate Privacy Compliance Framework and Rules, the definition of Vendor Contract Management Guidelines and instructions, for establishing an effective Privacy Regulatory Change Management, Legal and Market Watch.

The Compliance Manager is also responsible to animate discussions about Privacy, in close collaboration with relevant subject matter experts and units. To this end, the Compliance Manager will establish a Privacy Education and Awareness.

The Compliance Manager has a strong understanding of corporate compliances and privacy laws, regulations and is vested with the authority to run the day-to-day activities associated with administering MSF-USA’s corporate privacy compliance program

The Compliance Manager will also establish all needed Key Performance Indicators (KPI) to monitor, evaluate and steer the programs and strategies under his/her management. The Compliance Manager will also lead special projects as instructed by the Director of Internal Operations.


  1. Essential Functions and Responsibilities:

Contributes to the Development and Implementation of the MSF -USA’s Corporate Privacy Compliance Framework and Rules

Supports policy compliance program throughout the organization, recommending effective compliance strategies that apply to department practices.

Maintains corporate compliance and policy documents library and GRC operating models and procedures.

Oversees all corporate policies’ workflow execution and acts as liaison with the management team, staff and legal counsel for policy management and review.


Vendor Contract Management

Coordinates with all Departments to include applicable legal and privacy requirements in the assessment of new and existing vendors.

Supports different budget owners in pre-/post-contracting vendor due diligence assessments.

Reviews and manages third-party agreements for compliance with applicable regulations and ensures the inclusion of relevant compliance clauses and exceptions as applicable.

Establishes vendor management processes in coordination with legal counsel and stakeholders in risk management and the management team.


Privacy Regulatory Change Management, Legal and Market Watch

Coordinates with legal counsel on regulatory change management efforts and communicates with the departments to define potential impacts in business processes in a timely fashion.

Validates and maintains legal basis of data processing.


Privacy and Security Education and Awareness

Ensures continuous education to the different departments on the legal basis of data, privacy and security concepts and other compliance related areas.

Defines and develops training, education and awareness programs (including domestic and applicable compliance laws, potential privacy risks, proper privacy hygiene and best practices).



Maintains privacy compliance artifacts (including Privacy Risk Register, Incident and Legal obligations, Personal data inventory), as needed by regulatory requirements

Serves as the Legal / Compliance Department liaison with the GRC Committee and cross-departmental dedicated privacy resources.

Validates consent language and acts as an advisory in implementation of consent as per the legal and strategic requirement of the organization.

Acts as a front face for privacy contacts and data subject requests.

Supports the development and implementation of data rights management processes and mechanisms for consent management.


  1. Supervisory Responsibilities:



  1. Fiscal Responsibility

Collaborates with Finance Director and Director of Internal Operations in developing departmental budget for review and approval by Executive Director.  Implements, controls and reviews approved unit budget, in accordance with MSF’s policies and procedures.  Responsibilities include quarterly budget review and revision, signing and administering departmental contracts, reviewing and signing off on others’ purchase orders, expense reports, credit card reports, and timesheets, and managing own credit card. 



  1. Extent of Public Contact

Regularly represents the organization to peers of top tier humanitarian and development organizations in the non-profit compliance and privacy areas. Routinely interacts with senior representatives of key vendors and consultants to negotiate terms, direct their work and answer their questions on complex topics. Within the MSF network, interacts with peers and subject matters experts, and might present to the Audit and Risk Committee of the MSF USA Boards or similar committees in other MSF Sections. Interacts with all levels of staff, field volunteers and BoD to strategize approach, plan, and coordinate compliance and privacy activities.

Represents MSF USA within the movement as instructed by the Director of Internal Operations.


  1. Physical Demands

While performing the duties of this job, the employee is required to sit for long periods and to concentrate on work, including typing, and turn out heavy volumes of work accurately, within the context of a moderately noisy office with many interruptions.  Must be able to proofread own work accurately so that only minor corrections are needed on an infrequent basis.

To travel to the field (usually in the developing world), the employee must attest to physical fitness to endure physically difficult, high stress situations which may include the necessity to walk long distances, carry a backpack or other equipment of up to 50 pounds, to ride long distances over very poor road conditions, to eat a limited diet and/or to reside in potentially uncomfortable housing or tents.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


  1. Working Conditions, Travel and Environment

The duties of the job require regular attendance 5 days/week for a minimum of 35 hours.  Must be available to work before 9:00 am, after 5:00 pm or on weekends, as required.

Must be able to travel as required (minimum 10%) for standard domestic and international business travel as well as to MSF field projects.  While performing the duties of this job in the field, the employee may be exposed to precarious settings under high security and/or very basic living conditions and outside weather conditions.



  • Education: Master’s degree or equivalent in academic field related to compliance, privacy, data protection, and/or humanitarian organizations and four to ten years related experience; or equivalent combination of education and experience. J.D. and bar admission are an advantage but are not required.


  • Professional experience in corporate compliance program, data ethics data protection and knowledge of the US privacy compliances an asset


  • Experience with MSF or other humanitarian organization is an asset 


  • Ability to define problems, collect data, establish facts, and draw valid conclusions.


  • Ability to read, analyze, and interpret complex legal documents and ability to translate legal language into operational language
  • Ability to write reports, business correspondence, and procedure manuals.


  • Ability to effectively present information and respond to questions from groups of managers, staff, and the general public.


  • Ability to respond to common inquiries or complaints from donors, regulatory agencies, or members of the business or NGO communities.


  • Ability to effectively present information to top management, public groups, and/or boards of directors.


  • Strong computer skills including proficiency with spreadsheet, database and word processing software. Knowledge of GRC software an asset.
  • Strong risk awareness and analytical ability and change management skills.





Pay Class

Full Time Exempt


Contract Type

Open Ended Contact


Additional Information

Starting salary high 80s to low 90s (commensurate with experience). 


Desired Hiring Date

October/November 2019


Working Time %



How to Apply

To apply, send cover letter and resume to:,  

ATTN: Compliance Manager (Regulatory Change, Legal and Privacy) position.

Submissions without cover letter will not be reviewed. No phone calls please.

Please note that relocation assistance and visa sponsorship will be offered for this position.