Duty Station: Home-based, with availability for meetings during New York working hours.
Duration: 2 months (with possibility for extension),
Purpose of consultancy:
In consultation with relevant stakeholders, and reporting directly to the Director, Division of Management Services (DMS), and the Chief, Legal Unit (LU), the Personal Data Protection Consultant is responsible for organizing, coordinating and leading the development of a personal data protection and privacy strategy, leading the operationalization of the “to be developed” personal data protection and privacy policies, and serving as a focal point for internal inquiries concerning UNFPA’s personal data protection and privacy policies.
Scope of work
1. Finalize the drafting and issue of the new personal data protection policy; provide technical and legal advice in the process. UNFPA’s data protection policy will be based upon UNICEF’s with minimal adjustment for UNFPA mandate and business model.
2. An interdivisional working group (IDWG) will be established to contribute towards the policy and subsequent roll out. The consultant will co-chair meetings of this IDWG and plan and monitor their inputs
3. Operationalization of the data protection policy: In conjunction with the IDWG develop tools and other requirements for the global roll-out of the data protection policy (tools including risk assessment, training, changes to supply or partner agreements, privacy statements, consent forms, etc.).
4. Coordinate a mapping of the relevant data in UNFPA: Create a database of what kind of data and information UNFPA is currently possessing and processing, how it is stored, if it is classified, how it is shared and disposed of, and how this aligns with the new policy. Suggest remedies where such instances are outside the policy.
Deliverables:
Completion of policy and related documents
Preparation of IDWG work plan and updates
Meeting minutes and action plans
The consultant is expected to deliver relevant activities on timely basis, reliably and accurately throughout the consultancy period. Specific deadlines, reports/deliverables will be communicated accordingly.
Expected Travel: None
Education:
An appropriate advanced university degree required, with a major concentration in law or governance.
Knowledge and experience:
- A minimum of seven years progressively responsible professional experience in law, information security, risk management, auditing and/or compliance is required.
- At least three years of professional experience focused on data protection or privacy is required.
- Experience working for a large international corporation or international organization is required.
- Experience implementing data privacy policies is required
- Strong skills in knowledge and information management and mapping is required.
- A good working knowledge of multiple domestic and international privacy laws, regulations and industry best practices is required.
- Ability to work in a multicultural environment is desirable.
- Demonstrates openness to change, flexibility and ability to manage complexities is essential
- Results-oriented and able to respect deadlines is essential
- Familiarity and experience with legal issues or risks in enterprise, cloud or multi-jurisdictional platforms is an asset.
- Experience or familiarity with governance, risk and compliance tools and how they can be used to support privacy-related activities is desirable.
- Experience in auditing frameworks and international standards is desirable.
- Experience within the UN system is desirable.
Language Requirements:
Fluency in English is required.
How to Apply
Please send your application and a short letter of motivation with "Personal Data Protection Consultant" in the subject to Sabina Saeed at ssaeed@unfpa.org, by 31 August 2021