Data Protection Specialist
WFP celebrates and embraces diversity. It is committed to the principle of equal employment and encourages qualified candidates
to apply irrespective of race, color, national origin, ethnic or social background, genetic information, gender, gender identity
and/or expression, sexual orientation, religion or belief, HIV status, physical or mental disability.
Job Title: Data Protection Specialist
Type of Contract: Consultant
Division: CG – Chief of Staff / Global Privacy Office
Duty Station (City, Country): Rome HQ, Italy
Duration: 11 months
BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
This position is located in the Global Privacy Office (GPO) of the World Food Programme Headquarters in Rome, Italy.
WFP is on a focused path towards digitally transforming how it operates and how it best serves those in need so that it can accelerate the goal of achieving zero hunger by 2030. Data Protection is at the core of these services to make sure we protect the people we serve.
Under the direct supervision of WFP’s Global Data Protection Officer (DPO), the Data Protection Specialist will provide strategic, technical, and operational support as part of the WFP Global Privacy Office and will play a central role in the successful shaping and implementation of a comprehensive Privacy Program across all division-wide organization.
As Data Protection Specialist, the incumbent will either support or lead multiple initiatives, where the development has already taken place; he/she will be expected to transform these initiatives into action, managing the day-to-day delivery by working with a broad range of colleagues, partners and other internal and external stakeholders.
MAIN ACCOUNTABITLITIES / RESPONSIBILITIES:
- Develop, implement and operationalize Data Protection and Privacy policies, governance mechanisms, procedures and tools to maximize program efficiency and comprehensive roll out across WFP different divisions and offices.
- Review current WFP’s policy and governance framework in Personal Data Protection (e.g. policies, guidelines and toolkits) to adapt them to WFP’s Privacy strategy and operational needs.
- Draft SOPs/ position papers/guidance as well as conduct legal research and documentation activities, with the objective of keeping abreast of key global Data Protection developments, trends and regulations on personal Data Protection and Privacy (e.g. biometrics, digital identities, blockchain, big data) and its impact on the humanitarian environment.
- Provide consistent advice to HQ divisions, regional bureaus and field offices on a variety of issues in the context of Data Protection and Privacy, identifying needs and priorities arising out of the interpretation or application of WFP principles, policies, guidelines, relevant international standards, conventions and best practices on Personal Data Protection and Privacy.
- Collaborate with cross-functional internal and external points of contact to effectively roll out the Data Protection and Privacy Program, ensure regulatory compliance and mitigate organizational risks.
- Operationalize the different elements of WFP’s Data Protection and Privacy Program (e.g. privacy notices, PIAs, register of processing, LIAs, training and awareness campaigns, SARs and data breach response mechanisms).
- Prepare and/or review Data Protection and Privacy agreements and contracts with public and private entities including participation in negotiation, to meet unique client needs.
- Proactively contribute to continuously improve systems, tools, processes and templates to shape them to WFP’s operational needs.
- Develop reporting mechanisms to allow monitoring of Data Protection and Privacy activities and identify related risks and gaps and support remediation.
- Document, track and report relevant program metrics and milestones on the implementation of the Privacy Program.
- Prepare reports, memoranda, talking points and correspondence on data protection issues as required.
- Effectively communicate needs and insights to different levels of cross-functional audiences.
- Conduct training and awareness activities as required.
- Coordinate and draft responses to audit findings and evaluation requirements.
- Perform any other related duties, as required.
QUALIFICATIONS AND EXPERIENCE REQUIRED:
Education:
Advanced university degree in relevant discipline (including but not limited to law, computer science, information technology) or related field with relevant work experience.
LLM or Master of Law on data protection, privacy, computer and communications law, compliance, international, digital or media law.
Certifications such as CIPP/E/U and CIPM, CIPT desired.
Knowledge of international security management systems industry standards (ISO 27001, ISO 27701, NIST…) desired.
Qualification to practice law or admitted to practice by a recognized national or state bar or law society desired.
Experience:
At least 7 years of responsible professional experience in Data protection, Privacy and Information Security, in a law/ consultancy firm and/or large
public/private sector organization on Data Protection.
Proven experience in building and implementing global Privacy and Data Protection compliance programs, operations and/or risk management programs in large corporations.
Experience in conducting PIAs, LIAS, maintaining records of processing activities, of incident response management and SARs mechanisms, drafting contracts, SOPs, policies and guidelines.
Experience in one of the following: operational risk management, compliance, audit and implementation or management of control frameworks.
Experience working in a global, large-scale, complex, and fast-paced environments.
Experience in roles that demand accuracy and quality, prioritization and execution against timelines, managing a high volume of project milestones.
Experience working autonomously with minimal supervision and as part of a team, well as to cooperate within a team, across different regions and time zones.
Knowledge and Skills:
- In depth knowledge of Data protection, Privacy and Information Security regulations, international security standards and specific key legal issues;
- Solid understanding of information technologies and their impact in the protection of personal data (e.g. privacy by design and by default, AI, big data, biometric technologies, digital identities, blockchain, SNSs…);
- Ability to identify Data Protection related risks and gaps based on local legal environment, developments and projects;
- Ability to contribute to large cross-functional projects requiring innovative analysis, recommendations and approaches;
- Strong analytical interpersonal, communications and presentational skills;
- Excellent drafting skills with the ability to write concisely and synthetize information from a variety of legal and jurisprudential sources;
- Demonstrated negotiating, cultural sensitivity and diplomatic skills;
- Demonstrated problem solving skills; client focus and results oriented;
- Ability to work harmoniously with people of different national and cultural backgrounds;
- Ability to plan and organize work programme with pre-defined reporting lines;
- Effectiveness orientation and pro-activity;
- Strong sense of responsibility, confidentiality and accountability.
Languages:
Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish,
and/or WFP’s working language, Portuguese is desirable.
Terms and Conditions
WFP offers a competitive compensation package which will be determined by the contract type and selected candidate’s qualifications and experience.
Please visit the following websites for detailed information on working with WFP.
http://www.wfp.org Click on: “Our work” and “Countries” to learn more about WFP’s operations.
Deadline for applications: 28 April 2023 11.59pm Rome Time
Ref.: VA No. 793727
All employment decisions are made on the basis of organizational needs, job requirements, merit, and individual qualifications. WFP is committed to providing an
inclusive work environment free of sexual exploitation and abuse, all forms of discrimination, any kind of harassment, sexual harassment, and abuse of authority.
Therefore, all selected candidates will undergo rigorous reference and background checks.
No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International
Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the
United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.