HEAD OF GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE

Head Of Governance, Risk Management And Compliance Overview: The Head of Governance, Risk Management and Compliance (GRC), reporting to the General Director, is directly responsible for implementing, maintaining, and improving policies, procedures, and internal controls to ensure compliance with applicable regulatory and legal requirements and best practices and minimize the risks for the organization. He/she leads risk analysis for strategic and operational internal and external third-party risk assessments, designing controls and implementing best practice processes. Responsibilities: Governance and risk management: - Designs and develops the governance and risk analysis strategy in line with the overall strategy, ensuring that adequate control mechanisms are in place; - Carries out risk diagnosis on processes with reference to Italian and European laws, regulations and standards in general; - Carries out follow-up actions to risk management actions; - Drafts and monitors annual governance, risk and compliance budgets considering the organization's strategic plans. Compliance management: - Oversees the implementation of the function's policies, systems, processes, procedures, and controls to meet all relevant procedural/legislative requirements. Obligations related to the reform of the third sector: - Acquires information on the reform of the third sector with the support of a tax advisor and informs the areas concerned with an internal consultancy approach, preparing possible implementations; - Ensures the collection and transmission of information required by the Ministry of Foreign Affairs concerning the NGO register and the use of institutional funds; - Verifies compliance with the regulations on the preparation of annual financial and social statements and the keeping of organization's books. Tax obligations: - Together with the tax advisor, informs the relevant areas of any updates and changes in regulations concerning their activities; - Supports the management of reporting issues such as, for example, error reports or donations made without reporting the tax code; - Verifies that the Finance Department has prepared the 5*1000 reporting and informs it of any changes in legislation; - Prepares documentation regarding anti-mafia and anti-money laundering legislation, verifying the existence of the necessary requirements for MSF as NGO; Obligations relating to worker Health & Safety: - Coordinates worker safety activities by ensuring that existing procedures are kept up to date; - Oversees the activities of the safety management officer. Privacy: - Acts as Data Protection Officer for all data protection issues or incidents, working with the DPO to ensure consistency and compliance; - Identifies opportunities to implement new systems to improve compliance adoption, employee engagement and efficiency; - Develops, improves and operationalizes organization-wide security, risk and privacy policies, processes and controls to reduce risk and comply with applicable laws and regulations; - Performs monitoring and evaluation of security, risk and privacy controls on an ongoing basis; - Works with key stakeholders to review critical factors and, if necessary, perform and advise on privacy impact assessments; - Supports procurement in the definition of contractual clauses concerning privacy; - Oversees the activities of the cybersecurity officer in managing cybersecurity protocols, monitoring processes and in case of data breaches; - Implements measures and a governance framework to manage the use of data in compliance with laws and regulations, including developing templates for data collection, assisting with data mapping and vendor management reviews; - Identifies, tracks, and monitors controls over all applicable data privacy requirements; - Coordinates privacy training for all employees and contractors. Organizational model 231/01: - Prepares updates requested by the ODV (Organismo di Vigilanza), including internal procedures; - Ensures internal communication and coordinates mandatory training on the 231/01; - Verifies the Management Team's reporting obligations to the ODV; - Informs the Board of MSF of the need to replace members of the ODV. Reporting, Monitoring obligations & MoUs: - Ensures compliance with GRC regulatory and legal requirements for agreements and contracts of MSF; - Verifies that the Directorates have updated a database concerning all agreements and MoUs signed by the section with public bodies and MSF sections for the purpose of humanitarian operations to be made available to the control bodies. Legal disputes: - Coordinates the initial actions to be introduced regarding legal disputes that the organization is called upon to handle. Acts in support of the crisis teams dedicated to the required legal action. Qualifications: Key requirements: - Bachelor's degree consistent with the profile; - Minimum of 7 years of relevant experience. #J-18808-Ljbffr