Background Information – Job-specific

 

The United Nations Office for Project Services (UNOPS) is an operational arm of the United Nations, supporting the successful implementation of its partners’ peacebuilding, humanitarian, and development projects around the world. Mandated as a central resource of the United Nations, UNOPS provides sustainable project management, procurement, and infrastructure services to a wide range of governments, donors, and United Nations organisations.

UNOPS operating environments and projects are inherently risky. Furthermore, they are increasingly technology-enabled and data-intensive. This makes Data Protection, Privacy and Information Security key elements to the way projects are delivered across the global organisation and the way processes are digitised to better enable that.

The position is located in the Risk Unit, part of a broader Risk and Compliance Group, which covers the functions of Risk Management, Information Security, Compliance, Internal Control, Due Diligence and the organisation’s Contract Property Committees. The Risk unit is headed by UNOPS Chief Risk Officer (CRO). The Chief Information Security Officer (CISO), reporting to the CRO, leads the Information Security and Privacy function to ensure consistent and high-quality information security management in support of risk management, strategy, projects, and assurance.

One of the priorities of the Information Security and Privacy function is to establish, scale and sustain a privacy program to manage privacy risks, enable and support the organisational goals.

Under the overall guidance of the Chief Information Security Officer (CISO), each Data Protection and Privacy Specialist will be responsible for a broad range of tasks, including tactical, operational, and strategic activities to support the development and execution of the UNOPS’s privacy management program.

Working with us

UNOPS offers short- and long-term work opportunities in diverse and challenging environments across the globe. We are looking for creative, results-focused professionals with skills in a range of disciplines.

Diversity

With over 5,000 UNOPS personnel and approximately 7,400 personnel recruited on behalf of UNOPS partners spread across 80 countries, our workforce represents a wide range of nationalities and cultures. We promote a balanced, diverse workforce — a strength that helps us better understand and address our partners’ needs, and continually strive to improve our gender balance through initiatives and policies that encourage recruitment of qualified female candidates.

Work life harmonisation

UNOPS values its people and recognizes the importance of balancing professional and personal demands.

 

Functional Responsibilities

1. Personal Data Protection & Privacy Governance

• Support the development and implementation of UNOPS’ privacy program and the resulting privacy policies, procedures, and documentation for the processing of personal data in coordination with stakeholders within the organisation.
• Work to ensure the organisation maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices.
• Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, Cybersecurity, and other internal stakeholders to ensure enterprise-wide coverage of the privacy discipline.
• Work with procurement, vendor management and the legal department to ensure that third-party suppliers’ contracts and operating-level agreements meet privacy requirements.
• Implement and maintain an internal reporting mechanism for intended (new or changed) personal data processing activities, to which business unit/process owners must adhere.
• Support the organisation’s response activities to privacy-related incidents.
• Communicate with stakeholders and the public concerning privacy issues (for example, answering data subject’s questions and requests).

2. Privacy Impact Assessments

• Determine the organisation’s specific privacy-related requirements and support projects by conducting privacy impact assessment where applicable.
• Develop, improve, and manage the privacy impact assessment process, in close collaboration with business stakeholders.
• Conduct regular privacy policy compliance assessments to ensure that UNOPS’s privacy policies are being adhered to.

3. Compliance Monitoring

• Ensure that business units, technology teams and third parties (service providers) follow UNOPS’s privacy program, implement measuring procedures to verify the extent in which these stakeholders meet privacy policy requirements and address privacy concerns.
• Collaborate with and assist business units and technology areas to develop corrective action plans for identified privacy compliance issues.
• Continuously monitor the status and effectiveness of privacy controls across service offerings, ensuring that privacy-related key risk indicators are effectively monitored to prevent an unacceptable impact on business objectives and reputation.
• Conduct frequent compliance report monitoring activities on collaborating partners, third-party service providers’ and other data processors’ levels of privacy compliance.
• Report findings in a structural, transparent, and business-relevant manner, allowing the business to decide and instruct on adequate and appropriate mitigating measures.

4. Personal Data Inventory and Usage

• Support the creation of an inventory that documents how and why UNOPS collects, shares, and uses personal data.
• Continuously update and reevaluate the extent to which customer and employee information is collected and shared internally and externally.
• Monitor the data request and usage processes, purpose-based authorised use, and prevention mechanisms’ effectiveness against unauthorised use of personal data across UNOPS.
• Maintain UNOPS’s registry of all personal data stores and data processing activities.
• Influence UNOPS’s retention program to facilitate deletion or anonymization of personal data that is no longer needed for identified purpose(s), and in accordance with applicable requirements.

5. Awareness, Training, and Other Communications

• Conduct privacy awareness campaigns, training, and orientation for all employees — in particular, application developers, HR, and Procurement.
• Identify trends in privacy and requirements and compliance enforcement, and account for the necessary changes in the privacy program, updating information to the affected stakeholders.
• Work with third-party stakeholders (including business partners, suppliers, service providers and IT product vendors) to ensure that they clearly understand and comply with UNOPS’s privacy requirements.

 

Competencies

 

Develops and implements sustainable business strategies, thinks long term and externally in order to positively shape the organization. Anticipates and perceives the impact and implications of future decisions and activities on other parts of the organization.(for levels IICA-2, IICA-3, LICA Specialist- 10, LICA Specialist-11, NOC, NOD, P3, P4 and above)

Treats all individuals with respect; responds sensitively to differences and encourages others to do the same. Upholds organizational and ethical norms. Maintains high standards of trustworthiness. Role model for diversity and inclusion.

Acts as a positive role model contributing to the team spirit. Collaborates and supports the development of others. For people managers only: Acts as positive leadership role model, motivates, directs and inspires others to succeed, utilizing appropriate leadership styles.

Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first. Builds and maintains strong external relationships and is a competent partner for others (if relevant to the role).

Efficiently establishes an appropriate course of action for self and/or others to accomplish a goal. Actions lead to total task accomplishment through concern for quality in all areas. Sees opportunities and takes the initiative to act on them. Understands that responsible use of resources maximizes our impact on our beneficiaries.

Open to change and flexible in a fast paced environment. Effectively adapts own approach to suit changing circumstances or requirements. Reflects on experiences and modifies own behavior. Performance is consistent, even under pressure. Always pursues continuous improvements.

Evaluates data and courses of action to reach logical, pragmatic decisions. Takes an unbiased, rational approach with calculated risks. Applies innovation and creativity to problem-solving.

Expresses ideas or facts in a clear, concise and open manner. Communication indicates a consideration for the feelings and needs of others. Actively listens and proactively shares knowledge. Handles conflict effectively, by overcoming differences of opinion and finding common ground.

 

Education/Experience/Language requirements

Education Requirements:

• Bachelor’s degree in business administration, law, finance, accounting, computer science or a related discipline is required.
• An Advanced Degree is desirable and might substitute for some years of experience.

One or more of the following professional certifications would be considered an advantage.

• Certified Information Privacy Professional (CIPP)
• Certified Information Privacy Management (CIPM)
• Certified Information Privacy Technologist (CIPT)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

The following or any other relevant professional certifications are desirable.

• Project Management (PMI-PMP, Prince2)
• ISO/IEC 20000 IT Service Management
• Information Technology Infrastructure Library (ITIL)

Experience Requirements:

• With a Bachelor degree, a minimum of seven (7) years of experience in personal data protection and privacy, and/or security risk management, and/or auditing and compliance in a large international and/or corporate organisation is required.
  With an Advanced degree, a minimum of 5 years of the above-mentioned relevant experience is required.
• 2 to 3 years of legal experience, with a focus on privacy is desirable.

Language Requirements:

• Full working knowledge of English is required
• Knowledge of another official UN language (Spanish and/or French) is desirable

 

Contract type, level and duration

 

Contract type: Individual Contractor Agreement – ICA
Contract level: International ICA2- ICS10
Contract duration: Several, possible short-term full-time / part-time opportunities, subject to organisational requirements, availability of funds and satisfactory performance.

For more details about the ICA contractual modality, please follow this link:
https://www.unops.org/english/Opportunities/job-opportunities/what-we-offer/Pages/Individual-Contractor-Agreements.aspx

Additional Information

 

• Please note that UNOPS does not accept unsolicited resumes.
• Applications received after the closing date will not be considered.
• Please note that only shortlisted candidates will be contacted and advance to the next stage of the selection process, which involves various assessments.
• Please note that your remuneration will depend on different factors such as where you will be based, your experience and family composition, among others.
• UNOPS embraces diversity and is committed to equal employment opportunity. Our workforce consists of many diverse nationalities, cultures, languages, races, gender identities, sexual orientations, and abilities. UNOPS seeks to sustain and strengthen this diversity to ensure equal opportunities as well as an inclusive working environment for its entire workforce.
• Qualified women and candidates from groups which are underrepresented in the UNOPS workforce are encouraged to apply. These include in particular candidates from racialized and/or indigenous groups, members of minority gender identities and sexual orientations, and people with disabilities.
• We would like to ensure all candidates perform at their best during the assessment process. If you are shortlisted and require additional assistance to complete any assessment, including reasonable accommodation, please inform our human resources team when you receive an invitation.

Terms and Conditions

• For staff positions only, UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post.
• For retainer contracts, you must complete a few Mandatory Courses (they take around 4 hours to complete) in your own time, before providing services to UNOPS. For more information on a retainer contract here.
• All UNOPS personnel are responsible for performing their duties in accordance with the UN Charter and UNOPS Policies and Instructions, as well as other relevant accountability frameworks. In addition, all personnel must demonstrate an understanding of the Sustainable Development Goals (SDGs) in a manner consistent with UN core values and the UN Common Agenda.
• It is the policy of UNOPS to conduct background checks on all potential personnel. Recruitment in UNOPS is contingent on the results of such checks.