IT Data Protection Officer - Consultant
WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles
Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance
The United Nations World Food Programme (WFP) is the world's largest humanitarian agency, fighting hunger worldwide. We are seeking to fill a consultancy position of IT Data Protection Officer based at our Headquarters in Rome, Italy.
Under the direct supervision of the Chief of TECI, the consultant will ensure that the Organization always relies upon state-of-the-art, risk-based systems of control over personal data and beneficiary data processed in IT workflows.
Duties & Responsibilities:
The consultant will be responsible for the following tasks:
1. Manage Data Protection compliance:
- Develop, implement and enforce a suitable and relevant Data Protection Policy and ensure it is revised on a regular basis.
- Support the Organization in establishing a formal Data Protection Steering Committee by drafting the related Terms of Reference, Scope of Work and related framework
- Update procedures and internal guidance where necessary relating to the processing of personal information and sensitive data.
- Act as the contact point for any official activity related to personal and sensitive data disclosure. This should include collating information that may be required by the Office of Internal Audit (OIGA) and the Office of Internal Investigation (OIGI) as requested by any investigation or enforcement action.
- Ensure that related requests for information or action, be they from data subjects, external bodies, OIGA, OIGI or other authorized bodies are dealt with efficiently. Check their validity. Co-ordinate and approve responses before they are sent. Maintain a log of all such requests and produce summary reports as required.
- Liaise with the Chief Information Security Officer (CISO) to establish and maintain a register of Information Owners for sets of information (e.g. paper files, databases) and educate the Information Owners on their responsibilities (what is the data, how is it used, who has access to it).
- Maintain a log of any data protection incidents and remedial recommendations and actions.
- Develop or advise on the development of new policies and/or best practice with regard to data sharing, either in-house between departments or with external third parties, and sit on relevant groups and forums to represent the organization as appropriate.
- Ensure that data protection impact assessments are performed when appropriate (e.g.: major system or product developments etc.). Advise the units performing such impact assessments as necessary.
2. Lead Data Protection projects:
- Drive and manage the implementation of a Data Loss Protection (DLP) solution as scoped, devised and procured by the RMTI team.
- Liaise with all the stakeholders involved in the DLP implementation project (RMTI, PMO, any external implementing partner, RMTM technical teams, other WFP business units, etc.) in order to ensure a smooth delivery of the solution in Production.
3. Monitor Data Protection Compliance:
- Regularly review compliance with relevant internal policy framework and related best practices. The reviews should include third-party data processors used by the Organization.
- Highlight and develop solutions for any issues relating to the fair obtaining, use and storage of personal data, information quality and integrity, technical and organizational security.
4. Data Protection Training and Awareness:
- Provide advice and training to staff and managers to raise awareness and understanding about their responsibilities regarding Data Protection and related policies or good practice.
- Liaise with the Chief Information Security Officer (CISO) to develop and implement a Data Protection awareness and training programme.
- Be a resource for other employees by providing expert advice on data protection framework and other relevant issues.
- Ensure written information on Data Protection is available for provision to customers and employees, including appropriate privacy notices and guidelines on data consuming.
Qualifications & Experience Required:
Education: Advanced University Degree in Computer Science or Information Technology.
- 6+ years of experience in IT Security Projects with 2+ years of experience in Data Classification and Protection initiatives in IT related environments.
- Ability to work with precision under pressure on multiple activity streams.
- Ability to work autonomously with minimal supervision as well as to cooperate within a team with pre-defined reporting lines.
- General knowledge of Content Monitoring and Filtering (CMF), Information Protection and Control (IPC) and Extrusion Preventing (EPS) systems.
- Hands-on knowledge in at least one Data Loss Prevention (DLP) system.
- In-depth understanding of data storage (at-rest), retrieval of information in complex IT infrastructures (in-motion) and workflow-driven data processing (in-use).
Knowledge & Skills:
- General knowledge of WFP Business Process Areas would be an asset.
- Any ITIL certification would be desirable. Baseline IT Security knowledge would be a distinct advantage.
- Certified ability to audit data management systems is a plus.
- Previous experience in international contexts with coordination of multiple workgroups will be considered a plus.
- Detail-oriented, Excellent communication, Ethics & Values, Team Work, Client Orientation, Cognitive Capacity, Interpersonal Relations, Stress Resistance, Behavioural Flexibility, Leadership Capabilities.
Languages: Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese is desirable.
Terms and Conditions
WFP offers a competitive compensation package which will be determined by the contract type and selected candidate’s qualifications and experience.
Please visit the following websites for detailed information on working with WFP.
http://www.wfp.org Click on: “Our work” and “Countries” to learn more about WFP’s operations.
Deadline for applications: 28 December 2018
Ref.: VA No. 102341
Qualified female applicants and qualified applicants from developing countries are especially encouraged to apply
WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status
No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.