Consultant: Senior Data Protection and Compliance Specialist (International)

Consultant: Senior Data Protection and Compliance Specialist

(International)

BACKGROUND 

UNRWA will be modernizing its Refugee Registration Information System (RRIS) to align with updated international standards for civil registration to ensure unhindered, secure, and protected access to UNRWA’s services. This entails the creation of an individual client-based registration system with an integrated online portal for secure access to and updating of registration records by clients that will constitute the master database for all UNRWA service provision and verification of service eligibility. The current system holds the active files of 5.7 million Palestine refugees and 0.7 million other service eligible persons. The system will re-organize existing registration files to link these with historic archival records and prepare the same for an online platform making available documentation for publicly accessible documentation on displacement of Palestine refugees from 1948 to date. The project will be guided by a team of civil registration and data protection experts and implementation of the new system design is foreseen through an external IT service provider.

Legacy RRIS was developed in C# .NET, ASP.NET and SQL Server.  

DUTIES AND RESPONSIBILITIES 

The consultant will be responsible for translating the new approach to refugee registration, as conceptualized by the Relief and Social Services Department’s Registration and Eligibility Division by assessing the current Refugee Registration Information System (RRIS) data privacy and protection functions to ensure compliance with international regulations and best practices.  

Under the direct supervision of the Head of Information Security Office, and the overall supervision of the Chief Information Officer (CIO) and Director of the Information Management and Technology Department (IMTD), in close collaboration with the Relief and Social Services Department (RSSD), and within the framework of the activities of the modernization of RRIS, the consultant will work closely with other project stakeholders to undertake the following activities: 

• Lead the development and implementation of data privacy governance framework for RRIS, to manage data in compliance with applicable international data protection regulations, including developing policies and standards for online registration and identity verification systems;
• Serve as the primary contact and liaison for RRIS data protection related matters; coordinating with applicable internal and external stakeholders when compelled by applicable protection regulations, under the supervision of the Information Security Office;
• Work with key internal stakeholders in the review of projects, related data, and agreements to ensure compliance with local and international data privacy, and where necessary, complete and advise on privacy impact assessments;
• Review staffing responsibilities regarding the data protection of refugees and improve the current framework;
• Coordinates implementing data protection consent forms for refugees to access online registration and verification platforms;
• Review vendor contracts and consents needed to implement RRIS related projects in collaboration with the organization’s Legal and Procurement departments, and under the supervision of the Information Security Office;
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders and under supervision of the Information Security Office;
• Participates in the Data and Information Technology Governance Committees when requested;
• Support the Information Security Office and IMTD raising awareness and providing staff training for any employees involved in activities related to data processing and data protection compliance;
• Undertake other tasks, as requested.

MINIMUM QUALIFICATIONS AND EXPERIENCE

• An advance University degree from an accredited educational institution in Computer Science, Information Technology, and related fields. Data Protection and/or Privacy certification and auditing such as, but not limited to, CISA, CIPP, CIPT and ISEB highly recommended. 
• At least six years of progressively responsible experience developing policy and compliance frameworks; demonstrated understanding and application of data privacy laws; and experience in conducting data protection impact assessments; of which at least two years outside of the candidate’s home country or a country in which the candidate has a permanent residence.  
• Understanding the environment in which business operates and associated data protection risks.
• Experienced in the operational application of data privacy laws, including data breaches.
• Familiarity with state-of-the-art information security systems.
• Excellent written and spoken English. Knowledge of Arabic is an advantage.
• Experience with working in a team on complex projects and against tight timelines.

DESIRABLE QUALIFICATIONS

• Understanding of humanitarian and development contexts including prior programme or project management experience
• Understanding of civil registration systems and processes
• Familiarity with Information Security and cybersecurity frameworks and industry standards
• Familiarity with Project Management and ITIL frameworks

COMPETENCIES 

• Analyzing
• Planning and Organizing
• Creating and Innovating
• Learning and Researching
• Coping with Pressure and Setbacks

CONDITIONS OF SERVICE

• The incumbent will be based in Beirut.
• The duration of the consultancy is 6 months with possibility of extension subject to availability of funds. 

• Remuneration:

• Remuneration for this consultancy will be at an equivalent of P4 level of international staff salary scale
• Remuneration will depend on qualifications and experience of the candidate.
• One and a half day annual leave days per month. 

APPLICATION PROCESS

Applicants should submit a cover letter and CV or UN Personal History Form demonstrating clearly the knowledge and experience required to meet the consultancy requirements, indicating the title of this consultancy “SENIOR DATA PROTECTION AND COMPLIANCE SPECIALIST” in the subject line of the message. The deadline for the submission of applications is 30/09/2021.

UNRWA is an equal opportunity employer and welcomes applications from both women and men. UNRWA encourages applications from qualified women. Only those applicants shortlisted for interview will be contacted.  UNRWA is a non-smoking environment.

13/09/2021