Your Team responsibilities

The role of the Data Privacy Compliance and Operations Officer is to ensure MSCI is in continuous compliance with the GDPR - and any future privacy regulations.

MSCI has implemented a GDPR compliance program which has been operational since May 2018. This program needs to be managed and enhanced across many dimensions including controls oversight, privacy event management, documentation change management, and program enhancements. This position will also address expansions to our privacy data controls as required to address emerging regulation in this area.

What we will offer you: Depending on your location of your role, you can expect ...

• Competitive fixed and variable compensation, holiday/vacation allowance & retirement savings plans/pensions
• Employee Resource Groups to support you in and out of the office
• A wide range of benefits including - healthcare, dental plans, risk insurances and (location dependent) - cycletowork schemes, gym benefits, retail discounts,
• A purposeful approach to Wellbeing including training, support networks, membership to wellness platforms and vendors, and active local office communities
• A specific and deliberate planning to the physical offices in which we work, and support for everyone spending periods of time working remotely or at home. This approach mirrors our commitment to transparency and sustainability and puts the safety and wellness of our employees at the center of all we do. We aim to provide productive and sustainable work environments and technology that encourages collaboration, creativity and innovation.

• Privacy Impact Assessments - all new vendor service agreements and internal systems development investments must be screened for potential privacy-related concerns. When such concerns are identified, then the appropriate assessments must be performed and, if needed, the approach to the planned investment must be amended. This position is responsible for maintaining and improving our PIA processes and for executing PIAs when required.
• Privacy breach incident management - GDPR has strict requirements with respect to privacy breach management and reporting. This position would be directly involved in assessing any privacy-related aspect of a data breach. This position would work directly with InfoSec on the initial investigation and with Legal on any decision to report an incident to authorities.
• Individual Rights Management process operationalization and oversight - GDPR gives individuals in the EU various rights with respect to how companies like MSCI use and store their personal data. MSCI has established processes for managing such individual rights requests. This position would be responsible for the continuous oversight, reporting and enhancement of these processes.
• Maintenance of GDPR/Privacy Data documentation - MSCI's GDPR compliance program relies on extensive documentation, including but not limited to, Data Maps and Data Inventories, Privacy Impact Assessments, Audit Trails of events such as privacy breach or individual rights requests, Controls Framework, etc. Some documentation requires updating to reflect changes in organization or processes. This position would responsible for the effective management of all Privacy program documentation.
• Ongoing Privacy Data training - MSCI provided online training to all firm personnel in May 2018 as part of our initial roll-out of GDPR compliance. This position will be responsible for improving on this training program and improving the effectiveness of our GDPR/Privacy training efforts.
• Public facing Privacy notices - Working with Legal and Marketing, this position will ensure that all Privacy-related notices on our website are current and complete.
• Monitoring and reacting to developments in privacy regulations globally - Privacy regulation is under development in several jurisdictions around the world. Working with Legal, this position will play a leadership role in helping MSCI understand and prepare for such emerging regulation and for adapting our existing GDPR compliance program to cover new compliance requirements.
• Requests for Privacy information - This position will help respond to requests for information about MSCI's GDPR compliance and privacy protections from clients and other parties.
• Oversight and Reporting - This position will serve as the Secretary to a to-be-established Privacy Oversight Committee. This position will set the agenda, prepare materials and manage follow-ups. This position will also develop and support ongoing privacy program status reporting and metrics.
• Support of Audit - Over time, our privacy activities will be subject to Internal or External Audit. This position will play a leadership role in supporting such audits.

• Minimum 7 years relevant work experience
• Candidate may have various backgrounds, including Legal/Compliance, Audit, IT, etc.
• Direct experience in, and understanding of, data privacy generally and GDPR specifically
• Ideally candidate has hands-on experience in establishing and/or ongoing management of a GDPR/Privacy compliance program
• Position will interact heavily with colleagues in various functions and locations including InfoSec, Legal/Compliance, Internal Audit, Procurement, Project Management, Marketing, etc.
• Experience in a multinational corporation
• Experience in financial services is a plus
• Strong MS Office skills
• Excellent communications skills
• Strong work ethic, self-starter, organized, team player

• Coaching and support from experts in your team
• A performance and growth-oriented culture and values
• Opportunities for continuous learning to aid progression
• Goal based objectives and development plans
• Transparent performance-based compensation schemes
• Employee resource groups such as the Women's Leadership Forum, MSCIPRIDE, and Eco-Groups.