ICC/23/MUL/39 - Cybersecurity Officer (Data Protection and Privacy)
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation, and gender identity.
Purpose of the Position:
The High-Level Committee on Management (HLCM) of the UN formally adopted the Principles on Personal Data Protection and Privacy at its 36th Meeting on 11 October 2018. These principles set out a basic framework for processing “personal data”, defined as information relating to an identified or identifiable natural person, by or on behalf of the United Nations System Organizations in carrying out their mandated activities.
UNICC has developed and established a supporting framework to support UN Partners in implementing Privacy Framework or Management System. The incumbent of the position will act as a Data Protection and Privacy Specialist and will work on internal Privacy framework implementation as well as providing data protection related services to UNICC Partners. The position will be responsible for consulting on privacy matters, development, implementation, maintenance, and execution of policy and procedural documentation in support of UNICC or UNICC Partners’ Privacy Programmes. This person will also coordinate with multiple business areas including GRC, Finance, Legal, HR, IT Operations, etc. to ensure privacy requirements are effectively implemented and monitored for effectiveness.
Objectives of the Programme:
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.
Main duties and responsibilities
The incumbent will work under the direct supervision and guidance of the Head, Data Protection & Privacy (CSGD) within the Cybersecurity Division (CS) and in close collaboration with the Management and Strategy Division (MS). The incumbent could be requested to do any other tasks of similar level in related fields.
- Develop and maintaining privacy related notices, policies, standards, guidelines and processes
- Conduct assessments, review results and work with stakeholders to mitigate privacy risks across the organization
- Provide deep technical privacy guidance, analysis, and feedback to business leaders, engineers, solutions and application architects. Help develop, implement and manage processes, internal controls relating to privacy frameworks and offer privacy support to various departments
- Collaborate with compliance and security professionals on projects related to compliance with global data protection and privacy laws
- Assist in developing and administering privacy training and awareness campaigns for various groups within the company
- Establish and manage tools and develop run books for managing and tracking compliance with UNICC’s global privacy obligations such as privacy impact assessments, technical implementation of privacy by design and default, and operational workflows
- Coordinate internal and external audits of our privacy systems and procedures
- Lead Data Protection and Privacy Impact assessments (PIA)
- Provide ongoing management, content development and oversight of the privacy program, including training, risk management, exception handling and process improvement
- Lead other tasks related to Cybersecurity governance when
- Provide other ad hoc support either within your team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management
Experience and Skills required:
- At least seven (7) years of demonstrated experience in Cybersecurity, Governance, Risk, Compliance (GRC) and Privacy/Data Protection domains
- Strong knowledge of privacy and data protection frameworks such as GDPR, ePrivacy, etc.
- Successful track record in establishing Information Security Management System (ISMS) based on ISO 27001:2013
- Proven experience with the implementation of Privacy Information Management Systems (PIMS) such as ISO 27701:2018
- Proven experience conducting privacy reviews, control assessments and privacy impact assessments
- Strong knowledge in privacy engineering techniques including privacy by design and default techniques
- Customer facing experience and oral communication skills
- Ability to effectively write documentation & reports for diverse audience
- Creativity/ability to find innovative solutions
- Willingness to learn on the job
- Ability to manage and resolute conflicts
- Project management skills and ability to manage multiple projects under strict timelines
- First university degree in computer science, information systems, mathematics, statistics or related field
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 lead implementer/auditor, or other similar credentials
- Specialisation courses or degree in law
- English: Expert knowledge is required
- Knowledge of another official United Nations language is an advantage
UNICC Global Competencies:
- Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
- Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
- Promoting UNICC’s position: Positions UNICC as a leader in ICT services. Gains support for UNICC’s Coordinates plans and communicates in a way that attracts support from intended audiences.
Annual Salary Estimation (net of tax at single rate):
- Brindisi (Italy), including post adjustment (26,0% on March 2023): US$ 78,991.
- Geneva, (Switzerland), including post adjustment (79,4% on March 2023): US$ 112,469.
- New York, (USA), including post adjustment (80,5% on March 2023): US$ 113,159.
- Rome (Italy), including post adjustment (32,0% on March 2023): US$ 82,753.
- Valencia (Spain), including post adjustment (30,0% on March 2023): US$ 81,499.
UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grants, dependency allowances, language allowances, or education grants.
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 14 April 2023.
- Technical and/or personality tests may be carried out as part of the selection process
- Only short-listed candidates will be contacted
- Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements
UNICC is an international organisation with a strong global impact. They have developed many actions such as applications to help refugees get money when they arrive in a new country. This humanitarian aspect is very important not only from a commercial perspective, but from a human-centered organisation perspective that also focuses on building projects to benefit our society, a significant consideration in a world where everything is profit-oriented. In terms of management, the organisation has a high gender score, and a low turnover rate, which means that people want to stay in this company. And for women, the company also offers a supportive workplace, with a strong commitment to women's well-being and a fair career path.
– Caroline & the 50inTech team