Data Protection and Privacy Specialist, Multiple positions

• Support the development and implementation of UNOPS' privacy program and the resulting privacy policies, procedures, and documentation for the processing of personal data in coordination with stakeholders within the organisation.

• Work to ensure the organisation maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices.

• Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, Cybersecurity, and other internal stakeholders to ensure enterprise-wide coverage of the privacy discipline.

• Work with procurement, vendor management and the legal department to ensure that third-party suppliers' contracts and operating-level agreements meet privacy requirements.

• Implement and maintain an internal reporting mechanism for intended (new or changed) personal data processing activities, to which business unit/process owners must adhere.

• Support the organisation's response activities to privacy-related incidents.

• Communicate with stakeholders and the public concerning privacy issues (for example, answering data subject’s questions and requests).

• Determine the organisation's specific privacy-related requirements and support projects by conducting privacy impact assessment where applicable.

• Develop, improve, and manage the privacy impact assessment process, in close collaboration with business stakeholders.

• Conduct regular privacy policy compliance assessments to ensure that UNOPS's privacy policies are being adhered to.

• Ensure that business units, technology teams and third parties (service providers) follow UNOPS's privacy program, implement measuring procedures to verify the extent in which these stakeholders meet privacy policy requirements and address privacy concerns.

• Collaborate with and assist business units and technology areas to develop corrective action plans for identified privacy compliance issues.

• Continuously monitor the status and effectiveness of privacy controls across service offerings, ensuring that privacy-related key risk indicators are effectively monitored to prevent an unacceptable impact on business objectives and reputation.

• Conduct frequent compliance report monitoring activities on collaborating partners, third-party service providers' and other data processors' levels of privacy compliance.

• Report findings in a structural, transparent, and business-relevant manner, allowing the business to decide and instruct on adequate and appropriate mitigating measures.

• Support the creation of an inventory that documents how and why UNOPS collects, shares, and uses personal data.

• Continuously update and reevaluate the extent to which customer and employee information is collected and shared internally and externally.

• Monitor the data request and usage processes, purpose-based authorised use, and prevention mechanisms' effectiveness against unauthorised use of personal data across UNOPS.

• Maintain UNOPS's registry of all personal data stores and data processing activities.

• Influence UNOPS’s retention program to facilitate deletion or anonymization of personal data that is no longer needed for identified purpose(s), and in accordance with applicable requirements.

• Conduct privacy awareness campaigns, training, and orientation for all employees — in particular, application developers, HR, and Procurement.

• Identify trends in privacy and requirements and compliance enforcement, and account for the necessary changes in the privacy program, updating information to the affected stakeholders.

• Work with third-party stakeholders (including business partners, suppliers, service providers and IT product vendors) to ensure that they clearly understand and comply with UNOPS's privacy requirements.

• Bachelor's degree in business administration, law, finance, accounting, computer science or a related discipline is required.
• An Advanced Degree is desirable and might substitute for some years of experience.

One or more of the following professional certifications would be considered an advantage.

• Certified Information Privacy Professional (CIPP)
• Certified Information Privacy Management (CIPM)
• Certified Information Privacy Technologist (CIPT)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

The following or any other relevant professional certifications are desirable. 

• Project Management (PMI-PMP, Prince2)
• ISO/IEC 20000 IT Service Management
• Information Technology Infrastructure Library (ITIL)

• With a Bachelor degree, a minimum of seven (7) years of experience in personal data protection and privacy, and/or security risk management, and/or auditing and compliance in a large international and/or corporate organisation is required. With an Advanced degree, a minimum of 5 years of the above-mentioned relevant experience is required.
• 2 to 3 years of legal experience, with a focus on privacy is desirable.

• Full working knowledge of English is required
• Knowledge of another official UN language (Spanish and/or French) is desirable