United Nations - New York, NY
posted 5 days ago
New York, NY
Executive, Legislative, and Other General Government Support
About the position
The United Nations Office of Data Protection and Privacy (the 'Office') was established by the Secretary-General as an independent Secretariat unit. In accordance with Secretary-General's bulletin ST/SGB/2024/1, the functions of the Office include: providing support to the Secretariat to ensure the respect for data protection and privacy in the use and processing of personal data by the Secretariat, consistent with the United Nations mandates, including through the provision of effective oversight, coordination, and guidance on the implementation of the Secretariat data protection and privacy programme, in close collaboration with other relevant departments and offices of the Secretariat (the 'Data Protection and Privacy Programme'). The Data Protection and Privacy Officer will be responsible for performing data protection and privacy tasks in support of the work of the Office of Data Protection and Privacy and report to the Chief Data Protection and Privacy Officer.
Responsibilities
- Provide support to the Chief Data Protection and Privacy Officer to operationalize the Secretariat data protection and privacy programme and facilitate day-to-day implementation of data protection and privacy related activities.
- Review processing of relevant data and inform the Chief Data Protection and Privacy Officer and Head of Entity regarding data protection and privacy policy compliance.
- Support the development and maintenance of a centralized reporting mechanism for the purpose of receiving and recording requests for information from individuals concerning the processing of their personal data by the Organisation.
- Liaise with data focal points on a regular basis to strengthen collaboration and promote coherence and harmonisation of data protection and privacy across the UN System.
- Provide support to the Chief Data Protection and Privacy Officer and Head of Entity to ensure compliance with relevant regulations, rules, policies, and practices concerning the purposes, content, use, and means of data processing, including maintaining data inventories, managing data breaches, capacity development, and capturing lessons learned and knowledge sharing.
- Assess and monitor data protection and privacy risks in partnership with relevant offices and departments.
- Assist in monitoring activities and in meeting reporting obligations on matters related to data protection and privacy, including relevant bodies and committees.
- Proactively identify issues of general concern and provide recommendations to strengthen the relevant data protection and privacy regulations, rules, procedures, and policies in place.
- Support entities on data mapping exercises to determine the content, purposes, and means of the processing of data, as well as any mitigation measures, and maintaining a repository of data processing activities.
- Support entities on data impact assessments, identify safeguards such as technical and organisational measures to apply to mitigate any risks to the rights and interests of the data subjects and determine whether or not the data impact assessment has been correctly carried out and its conclusions are in compliance with relevant regulations, rules, policies and practices.
- Support the development of procedures for the management of data breaches, including notifications to data subjects, and work with OICT on data breach management within information systems.
- Support OICT, as needed, in developing data protection and privacy-by-design approaches, including in the setting of technical standards, as well as in the procurement of Privacy Enhancing Technologies (PETs), to ensure Secretariat-wide compliance with the Data Protection and Privacy Policy throughout the lifecycle of the data processing in information systems.
- Support activities aimed at building capacity of staff on data protection and privacy, including development of trainings for staff members and other personnel.
- Manage and coordinate the activities of the team, including hiring, training, assigning tasks and responsibilities, and ensuring that deadlines are met.
- Perform other duties as necessary.
Requirements
- Advanced university degree (Master's degree or equivalent degree) in law, business, public administration, computer science, information management, social sciences, or a related field.
- A first-level university degree in combination with qualifying experience may be accepted in lieu of the advanced university degree.
- A minimum of five years of progressively responsible experience demonstrating knowledge of widely recognised data protection and privacy principles, best practices, and methodologies is required.
- Experience demonstrating knowledge of governance, risk, and compliance tools to support data privacy programmes is desirable.
- Fluency in English is required. Knowledge of a second official UN language is desirable.
Nice-to-haves
- An internationally recognized active certification in information privacy management and technology is desirable.
Benefits
- The United Nations is committed to creating a diverse and inclusive environment of mutual respect.
- Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process.
