IT Data Protection Consultant

WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles

Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance

Job Title: IT Data Protection Consultant

Type of Contract: Regular Consultant Level I

Division: TECM, Technology Division

Duty Station: Remote

Duration: 11 months

ORGANIZATIONAL CONTEXT:

The United Nations World Food Programme (WFP) is the world's largest humanitarian agency, fighting hunger worldwide. The WFP Technology Division (TEC) seeks to digitally enable the organization to deliver this mandate in an effective and efficient manner, with sufficient agility required for humanitarian operations.

Digital technology and data are rapidly reaching some of the most vulnerable people and places affected by crisis, while also expanding operational approach to those same crises. As one of the main humanitarian actors, WFP has the opportunity and obligation to leverage data and technology to better know and serve those in need by digitally transforming the way it works. Such ambition has led to developing a new WFP IT Strategy whose core elements inform the end-to-end business processes of the organization.

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:

Under the general supervision of the Chief TECI and direct supervision of the Head of Cyber Advisory Services, the consultant will ensure the Organization relies upon state-of-the-art, risk-based controls over IT systems and data.

ACCOUNTABILITIES/RESPONSIBILITIES:

The consultant will be responsible for the following tasks:

• Manage Data Protection compliance:

• Provide expert advice on privacy and data protection.
• Update and maintain IT Security governance frameworks ensuring consistency with TEC goals and industry best practices, including drafting, updating and amending relevant policy documents and procedures.
• Be the primary liaison between the IT Security branch and the Global Privacy Office (GPO), ensuring privacy requirements are appropriately implemented through IT Security technical and administrative controls.
• Guide the organisation on data classification and data security.
• Manage 3rd party breaches, ensuring cross-divisional collaboration to assess and act on any associated risks.
• Lead any official activity on behalf of TEC that relates to personal and sensitive data disclosure. This will include collating information which may be required by the Office of Internal Audit (OIGA) and the Office of Internal Investigation (OIGI) as requested by any investigation or enforcement body.
• Efficiently manage requests for information or action, be they from external bodies, Risk Management, Evaluation, OIG or other authorized areas.
• Work with the Chief Information Security Officer (CISO) and Cybersecurity Heads of Unit to maintain a register of Information Owners for sets of information and educate Information Owners on their responsibilities.
• Expertly review legal agreements, partnerships, contracts, and other related documentation, flagging areas of concern for data sharing and other use.

• Perform high quality risk assessments of solutions presented to the TEC division for review, applying WFP policies, recognised frameworks and best practices.
• Develop and advise on the development of new policies and/or best practices with regard to data sharing, either in-house between departments or with external third parties, participating in cross functional committees and panels.
• Continuously benchmark the TEC division’s governance instruments against recognized frameworks and standards, including NIST, GDPR, ISO and ENISA.
• Provide expert professional legal advice on all matters relating to cybersecurity.
• Lead responses for all audits and evaluations that have an IT security component, organizing specific tasks for various focal points across TEC and collating responses to satisfactorily address all findings and recommendations.
• Produce high quality responses to assessments performed by the Joint Inspection Unit (JIU), IT Advisory Board (ITAB), Enterprise Risk Management (ERM), Digital Business and Technology Committee (DBTC) and other bodies relating to WFP’s cybersecurity position and programme.
• Collaborate across WFP divisions to analyse the security posture of third parties.
• Champion the evolution of the corporate Cyber Risk Management Framework.
• Perform other related duties as assigned

DELIVERABLES:

• Legal documents and contracts expertly reviewed.
• Applicable standards defined, resulting from new policy releases.
• Cybersecurity related policies drafted and sent for approval / dissemination.
• Elevation of risk management relating to cybersecurity in WFP.

QUALIFICATIONS & EXPERIENCE REQUIRED:

Education:

University Degree in Computer Science, Information Technology, Data Protection, Law, or other related field. A master’s degree in Law or Data Protection would be highly regarded.

Experience:

• 5 years of experience in Data Classification / Protection / Governance / Privacy / Legal initiatives in IT related environments.
• Ability to work with precision under pressure on multiple activities.
• Ability to work autonomously with minimal supervision as well as to cooperate within a team with pre-defined reporting lines.
• In-depth understanding of data at rest, in motion and in-use.

Technical Skills & Knowledge:

• Detail-oriented, Excellent communication, Ethics & Values, Teamwork, Client Orientation, Cognitive Capacity, Stress Resistance, Behavioural Flexibility, Leadership Capabilities.
• General knowledge of WFP Business Process Areas or baseline IT Security knowledge is desirable.
• Knowledge of legal terminology used in contracts, policies and frameworks.
• Certifications such as ITIL or IAPP would be an asset.
• Certified ability to audit data management systems is desirable.

Language:

Fluency in oral and written English with an intermediate knowledge of another official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFP’s working languages) is desirable.

TERMS AND CONDITIONS:

WFP offers a competitive compensation package, which will be determined by the contract type and selected candidate’s qualifications and experience.

Please visit the following websites for detailed information on working with WFP.

http://www.wfp.org Click on: "Our Work" and "Countries" to learn more about WFP's operations.

Deadline for applications: 19 December 2022 at 11:59 Rome time (CET/CEST)

Qualified female applicants and qualified applicants from developing countries are especially encouraged to apply.

WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status.

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.

Saving lives, changing lives

Apply For Job