Org. Setting and Reporting

The position is located in the Innovation and Analytics Hub within the Executive Direction and Management, at the Office of the High Commissioner for Human Rights (OHCHR), in Geneva. The Data Protection and Privacy Officer will report to the OHCHR’s Data Protection Focal Point(s). The P-4 Data Protection and Privacy Officer is responsible for performing data protection and privacy tasks in support of the work of the Data Protection Focal Point(s) and, through them, to the High Commissioner as OHCHR Head of Entity. This role involves a range of activities including working on the implementation across OHCHR of the Data protection and privacy policy for the Secretariat of the United Nations (ST/SGB2024/1), and related administrative issuances on data protection and privacy, as well as developing and reviewing policy and procedures in relation thereto including reviewing and conducting data mapping exercises and data impact assessments, managing data subject requests and data breaches, and developing training and awareness programs. The incumbent will work with relevant offices in the setting and approval of technical standards and in the management of data breaches.

Responsibilities

GOVERNANCE: • Provides support to the Data Protection Focal Point and to the High Commissioner as Head of Entity and Data Steward for OHCHR, and to OHCHR’s Data Protection Focal Point(s), to operationalize the Secretariat data protection and privacy programme and facilitate day-to-day implementation of data protection and privacy related activities. • Leads the review of processing of relevant data and provide advice and recommendations through the Data Protection Focal Point(s) to Head of Entity regarding data protection and privacy policy compliance. • Advises and supports in the development of relevant procedures, such as data protection and privacy standard operating procedures, including those relating to the retention and periodic deletion of data maintained by the respective entity, and appropriate safeguards in relation to transfers of data outside the Organisation. • Liaises with data focal points on a regular basis to strengthen collaboration and promote coherence and harmonization of data protection and privacy across the UN System. COMPLIANCE, MONITORING AND REPORTING: • Provides support to the Data Protection focal point(s) and, through them, to the Head of Entity to ensure compliance with relevant regulations, rules, policies, and practices concerning the purposes, content, use, and means of data processing, including maintaining data inventories, managing data breaches, capacity development, and capturing lessons learned and knowledge sharing. • Advises on measures to be taken to ensure compliance with relevant regulations, rules, policies, and practices concerning the purposes, content, use, and means of data processing in relation to Secretariat-wide enterprise systems and controls and liaise with the Information Management and Technology Section (IMTS) and technical focal points for each such system. • Assesses and monitors data protection and privacy risks in partnership with relevant offices and departments. • Leads monitoring activities and ensure that reporting obligations on matters related to data protection and privacy, including relevant bodies and committees are met. • Keeps track of trends and developments in data protection and privacy best practices. • Proactively identifies and brings to the attention of senior management issues of general concern and provide recommendations to strengthen the relevant data protection and privacy regulations, rules, procedures, and policies in place. DATA MANAGEMENT: • Advises and supports entities on data mapping exercises to determine the content, purposes, and means of the processing of data, as well as any mitigation measures, and maintaining a repository of data processing activities. • Advises and supports on data impact assessments, identify safeguards such as technical and organisational measures to apply to mitigate any risks to the rights and interests of the data subjects and determine whether or not the data impact assessment has been correctly carried out and its conclusions are in compliance with relevant regulations, rules, policies and practices. • Guides the development of procedures for the management of data breaches, including notifications to data subjects, and work with OICT on data breach management within information systems. • Collects and analyses data to identify trends or patterns and provides insights through graphs, charts, tables and reports using data visualization methods to enable data-driven planning, decision-making, presentation and reporting. AWARENESS, TRAINING AND OUTREACH: • Leads activities aimed at building capacity of staff on data protection and privacy, including development of trainings for staff members and other personnel. • Ensures a data protection and privacy culture within OHCHR and guide the efforts to implement essential regulatory elements, such as the principles of data processing, data subjects’ rights, data protection and privacy-by-design, records of processing activities, security of processing, and notification and communication of data breaches.

Competencies

PROFESSIONALISM: Knowledge of data protection and privacy policies, rules and procedures in relation to and including reviewing and conducting data mapping exercises and data impact assessments, managing data subject requests and data breaches, and developing training and awareness programs. Ability to advise on data impact assessments and related technologies. Shows pride in work and in achievements. Demonstrates professional competence and mastery of subject matter. Is conscientious and efficient in meeting commitments, observing deadlines and achieving results. Is motivated by professional rather than personal concerns. Shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. COMMUNICATION: Speaks and writes clearly and effectively. Listens to others, correctly interprets messages from others and responds appropriately. Asks questions to clarify, and exhibits interest in having two-way communication. Tailors language, tone, style and format to match the audience. Demonstrates openness in sharing information and keeping people informed. PLANNING & ORGANIZING: Develops clear goals that are consistent with agreed strategies. Identifies priority activities and assignments; adjusts priorities as required. Allocates appropriate amount of time and resources for completing work. Foresees risks and allows for contingencies when planning. Monitors and adjusts plans and actions as necessary. Uses time efficiently.

Education

Advanced university degree (Master’s degree or equivalent degree) in law, business, public administration, computer science, information management, social sciences, or a related field. A first-level university degree in combination with two additional years of qualifying work experience may be accepted in lieu of the advanced university degree.

Job – Specific Qualification

Not available.

Work Experience

Demonstrates a minimum of seven years of progressively responsible experience only for the knowledge, skills, and abilities below labelled with is required. Demonstrated knowledge of data protection and privacy standards is required. Demonstrated knowledge of widely recognised data protection and privacy principles, best practices, and methodologies is required. Demonstrated knowledge of national and/or international data protection and privacy practices and frameworks is required. Demonstrated knowledge of privacy by design-related concepts and methodologies is desirable. Demonstrated knowledge of cloud computing, online services, web and enterprise applications, and data analytics is desirable. Demonstrated knowledge of data privacy and security risk management concepts, methodologies, and best practices is desirable. Demonstrated knowledge of technologies that assist data protection and privacy programmes, such as data discovery, data mapping, authorisation or access management tools is desirable.

Languages

English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in oral and written English is required. Knowledge of French is desirable. Knowledge of another official United Nations language is an advantage.

Assessment

Evaluation of qualified candidates may include an assessment exercise which may be followed by competency-based interview.

Special Notice

THIS POSITION IS TEMPORARILY AVAILABLE UNTIL 31 DECEMBER 2024, SUBJECT TO AVAILABILITY OF FUNDS. While this temporary assignment may provide the successful applicant with an opportunity to gain new work experience, the selection for this position is for a limited period and has no bearing on the future incumbency of the post. A current staff member who holds a fixed-term, permanent or continuing appointment may apply for temporary positions no more than one level above his or her current grade. However, a current staff member who holds an appointment at the G-6 or G-7 level may also apply to temporary positions in the Professional category up to and including the P-3 level, subject to meeting all eligibility and other requirements for the position. A staff member holding a temporary appointment shall be regarded as an external candidate when applying for other positions, and may apply for other temporary positions at any level, subject to section 5.7 below and staff rule 4.16 (b) (ii). Therefore, a staff member holding a temporary appointment in the General Service or related categories may only apply to positions within those categories. For full information on eligibility requirements, please refer to section 5 of ST/AI/2010/4 Rev.1 on Temporary Appointments. If the selected candidate is a staff member from the United Nations Secretariat, the selection will be administered as a temporary assignment. Staff members of the United Nations common system organizations who will reach the mandatory age of separation or retirement within the duration of the current temporary need period are not eligible to apply. Submitting an application or selection for the current temporary job opening does not delay or increase the mandatory age of separation. Retirees above the mandatory age of separation who wish to be considered for the current temporary job opening must indicate the reason for their last separation as “retirement.” Such retirees shall not be employed by the Organization, unless (a) the operational requirements of the Organization cannot be met by staff members who are qualified and available to perform the required functions; and (b) the proposed employment would not adversely affect the career development or redeployment opportunities of other staff members and represents both a cost-effective and operationally sound solution to meet the needs of the service. At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity, with due regard to geographic diversity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities. Reasonable accommodation for applicants with disabilities may be provided to support participation in the recruitment process when requested and indicated in the application. The United Nations Secretariat is committed to achieving 50/50 gender balance in its staff. Female candidates are strongly encouraged to apply for this position.

United Nations Considerations

According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. By accepting a letter of appointment, staff members are subject to the authority of the Secretary-General, who may assign them to any of the activities or offices of the United Nations in accordance with staff regulation 1.2 (c). Further, staff members in the Professional and higher category up to and including the D-2 level and the Field Service category are normally required to move periodically to discharge functions in different duty stations under conditions established in ST/AI/2023/3 on Mobility, as may be amended or revised. This condition of service applies to all position specific job openings and does not apply to temporary positions. Applicants are urged to carefully follow all instructions available in the online recruitment platform, inspira, and to refer to the Applicant Guide by clicking on “Manuals” in the “Help” tile of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.

No Fee

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.