Cybersecurity Consultant (Data Protection)

Position Description

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Background information:

The High Level Committee on Management (HLCM) of the UN formally adopted the Principles on Personal Data Protection and Privacy at its 36th Meeting on 11 October 2018.

These principles set out a basic framework for processing “personal data”, defined as information relating to an identified or identifiable natural person, by or on behalf of the United Nations System Organizations in carrying out their mandated activities.

UNICC has developed and established a supporting framework to support UN Partners in implementing Privacy Framework or Management System.

UNICC is currently looking for a Data Protection and Privacy Specialist. The Specialist will work on internal Privacy framework implementation as well as providing data protection related services to UNICC Partners.

The position will be responsible for consulting on privacy matters, development, implementation, maintenance and execution of policy and procedural documentation in support of UNICC or UNICC Partners’ Privacy Programmes. This person will also coordinate with multiple business areas including GRC, Finance, Legal, HR, IT Operations, etc. to ensure privacy requirements are effectively implemented and monitored for effectiveness.

Main duties and responsibilities:

The incumbent will work under the supervision of the Head, Cybersecurity Governance Unit (CSG) and will be provided guidance by the Cybersecurity Officer (Data Protection And Privacy), conducting the following duties and deliverables:

• Assist in the development and collaborate with the CSG unit in overseeing comprehensive privacy and cybersecurity programmes, ensuring alignment with ISO 27001 and ISO 27701 standards
• Perform monitoring on regulatory developments concerning privacy, data protection and artificial intelligence
• Draft, update, and enforce privacy and information security policies and procedures
• Provide advisory to the organization in establishing and maintaining compliance with international data protection frameworks such as ISO 27701 requirements
• Conduct regular privacy and cybersecurity risk assessments, focusing on data protection
• Implement privacy-enhancing and cybersecurity technologies, ensuring privacy by design and default in all IT projects
• Propose the development and conduct training programmes on data protection
• Establish and manage processes for responding to privacy and cybersecurity incidents, including breach detection, reporting, and response
• Maintain effective communication with internal and external stakeholders about privacy and data protection matters, reporting the status and effectiveness of the programmes to management
• Collaborate with other cybersecurity teams to integrate cybersecurity strategies with privacy practices
• Advise the CSG unit and other relevant teams on the necessary efforts to achieve and maintain ISO 27701 certification, and ensure the secure processing of personal and sensitive data
• Stay updated on global privacy laws, cybersecurity standards, and technological advancements, advising the organization on strategic implementations

Recruitment Profile

Experience and Skills required:

Essential:

• At least three (3) years of demonstrated experience in Cybersecurity, Governance, Risk, Compliance (GRC) and Privacy/Data Protection domains
• Strong knowledge of privacy and data protection laws and/or frameworks such as GDPR, EU ePrivacy directive, CCPA, HIPAA etc.
• Track record in establishing Information Security Management System (ISMS) based on ISO 27001:2013
• Proven experience with the implementation of Privacy Information Management Systems (PIMS) such as ISO 27701:2018
• Proven experience conducting privacy reviews, control assessments and privacy impact assessments
• Strong knowledge in privacy engineering techniques including privacy by design and default techniques
• Ability to effectively write documentation & reports for diverse audience
• Willingness to learn on the job
• Ability to manage and resolute conflicts

Desirable:

• Prior work experience in the UN system, or as a service provider to UN agencies
• Project management skills
• Ability to monitor and summarize regulatory developments in privacy, data protection and artificial intelligence

Education:

Essential:

• First university degree in Computer Science, Information Systems, Mathematics, Statistics or related field; or first university degree in Law
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 or 27701 lead implementer/auditor, IAPP Certified Information Privacy Manager or any related/similar certification. Privacy certifications (such as CDPSE/CIPP/CIPM/CIPT or similar) strongly preferred

Desirable:

• For Cybersecurity profiles, specialization courses or degree in Law; for legal profiles, specialization in the Cybersecurity domain
• Specialization degree in data protection

Languages:

• English: Expert knowledge is required

UNICC Global Competencies:

• Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
• Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
• Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
• Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
• Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
• Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.

Other Information

Compensation:

Fee will be based either on the National Officer salary scales or the Individual Consultancy band levels (for Headquarters)

• National Officer Salary Scale
• For headquarters, Individual Consultancy band levels will be used

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 3 March 2024.

Notes:

• Technical and/or personality tests may be carried out as part of the selection process
• Only short-listed candidates will be contacted
• Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

For applications to be valid, they must contain a motivation letter and the filled Personal History Form.