Data Protection and Privacy Specialist, Multiple positions

Remote | Home Based - May require travel

  • Organization: UNOPS - United Nations Office for Project Services
  • Location: Remote | Home Based - May require travel
  • Grade: Mid level - IICA-2, International Individual Contractors Agreement
  • Occupational Groups:
    • Statistics
    • Information Technology and Computer Science
    • Security and Safety
  • Closing Date: Closed

  • Job categories: Information Security
  • Vacancy code: VA/2024/B0063/27752
  • Level: ICS-10
  • Department/office: MP, RCG, Risk and Compliance Group
  • Duty station: Home based
  • Contract type: International ICA
  • Contract level: IICA-2
  • Duration: Building a pool of candidates for ongoing opportunities, retainer engagements and short-term engagements
  • Application period: 18-Mar-2024 to 08-Apr-2024
Applications to vacancies must be received before midnight Copenhagen time (CET) on the closing date of the announcement.

Functional Responsibilities

1. Personal Data Protection & Privacy Governance
  • Support the development and implementation of UNOPS' privacy program and the resulting privacy policies, procedures, and documentation for the processing of personal data in coordination with stakeholders within the organisation.

  • Work to ensure the organisation maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices.

  • Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, Cybersecurity, and other internal stakeholders to ensure enterprise-wide coverage of the privacy discipline.

  • Work with procurement, vendor management and the legal department to ensure that third-party suppliers' contracts and operating-level agreements meet privacy requirements.

  • Implement and maintain an internal reporting mechanism for intended (new or changed) personal data processing activities, to which business unit/process owners must adhere.

  • Support the organisation's response activities to privacy-related incidents.

  • Communicate with stakeholders and the public concerning privacy issues (for example, answering data subjects' questions and requests).

2. Privacy Impact Assessments
  • Determine the organisation's specific privacy-related requirements and support projects by conducting privacy impact assessments where applicable.

  • Develop, improve, and manage the privacy impact assessment process, in close collaboration with business stakeholders.

  • Conduct regular privacy policy compliance assessments to ensure that UNOPS's privacy policies are being adhered to.

3. Compliance Monitoring
  • Ensure that business units, technology teams and third parties (service providers) follow UNOPS's privacy program; implement measuring procedures to verify the extent to which these stakeholders meet privacy policy requirements and address privacy concerns.

  • Collaborate with and assist business units and technology areas to develop corrective action plans for identified privacy compliance issues.

  • Continuously monitor the status and effectiveness of privacy controls across service offerings, ensuring that privacy-related key risk indicators are effectively monitored to prevent an unacceptable impact on business objectives and reputation.

  • Conduct frequent compliance report monitoring activities on collaborating partners', third-party service providers' and other data processors' levels of privacy compliance.

  • Report findings in a structured, transparent, and business-relevant manner, allowing the business to decide and instruct on adequate and appropriate mitigating measures.

4. Personal Data Inventory and Usage
  • Support the creation of an inventory that documents how and why UNOPS collects, shares, and uses personal data.

  • Continuously update and reevaluate the extent to which customer and employee information is collected and shared internally and externally.

  • Monitor the data request and usage processes, purpose-based authorised use, and prevention mechanisms' effectiveness against unauthorised use of personal data across UNOPS.

  • Maintain UNOPS's registry of all personal data stores and data processing activities.

  • Influence UNOPS’s retention program to facilitate deletion or anonymization of personal data that is no longer needed for identified purpose(s), and in accordance with applicable requirements.

5. Awareness, Training, and Other Communications
  • Conduct privacy awareness campaigns, training, and orientation for all employees — in particular, application developers, HR, and Procurement.

  • Identify trends in privacy requirements and compliance enforcement, account for the necessary changes in the privacy program, and communicate updated information to the affected stakeholders.

  • Work with third-party stakeholders (including business partners, suppliers, service providers and IT product vendors) to ensure that they clearly understand and comply with UNOPS's privacy requirements.

Education/Experience/Language requirements

Education Requirements: 
  • Bachelor's degree in business administration, law, finance, accounting, computer science or a related discipline is required.
  • An Advanced Degree is desirable and might substitute for some years of experience.

One or more of the following professional certifications would be considered an advantage.

  • Certified Information Privacy Professional (CIPP)
  • Certified Information Privacy Management (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)

The following or any other relevant professional certifications are desirable. 

  • Project Management (PMI-PMP, Prince2)
  • ISO/IEC 20000 IT Service Management
  • Information Technology Infrastructure Library (ITIL)
Experience Requirements: 
  • With a Bachelor's degree, a minimum of seven (7) years of experience in personal data protection and privacy, and/or security risk management, and/or auditing and compliance in a large international and/or corporate organisation is required. With an Advanced degree, a minimum of 5 years of the above-mentioned relevant experience is required.
  • 2 to 3 years of legal experience, with a focus on privacy, is desirable.
Language Requirements:
  • Full working knowledge of English is required
  • Knowledge of another official UN language (Spanish and/or French) is desirable
This vacancy is now closed.