Cybersecurity Officer (Data Protection and Privacy) At International Computing Centre

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Purpose of the Position:

The High Level Committee on Management (HLCM) of the UN formally adopted the Principles on Personal Data Protection and Privacy at its 36th Meeting on 11 October 2018. These principles set out a basic framework for processing “personal data”, defined as information relating to an identified or identifiable natural person, by or on behalf of the United Nations System Organizations in carrying out their mandated activities.

UNICC has developed and established a supporting framework to support UN Partners in implementing Privacy Framework or Management System. The incumbent of the position will act as a Data Protection and Privacy Specialist and will work on internal Privacy framework implementation as well as providing data protection related services to UNICC Partners. The position will be responsible for consulting on privacy matters, development, implementation, maintenance and execution of policy and procedural documentation in support of UNICC or UNICC Partners’ Privacy Programmes. This person will also coordinate with multiple business areas including GRC, Finance, Legal, HR, IT Operations, etc. to ensure privacy requirements are effectively implemented and monitored for effectiveness.

Objectives of the Programme:

The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.

Main duties and responsibilities

The incumbent will work under the direct supervision and guidance of the Head, Data Protection & Privacy (CSGD) within the Cybersecurity Division (CS) and in close collaboration with the Management and Strategy Division (MS). The incumbent could be requested to do any other tasks of similar level in related fields.

Develop and maintaining privacy related notices, policies, standards, guidelines and processes
Conduct assessments, review results and work with stakeholders to mitigate privacy risks across the organization
Provide deep technical privacy guidance, analysis, and feedback to business leaders, engineers, solutions and application architects. Help develop, implement and manage processes, internal controls relating to privacy frameworks and offer privacy support to various departments
Collaborate with compliance and security professionals on projects related to compliance with global data protection and privacy laws
Assist in developing and administering privacy training and awareness campaigns for various groups within the company
Establish and manage tools and develop run books for managing and tracking compliance with UNICC’s global privacy obligations such as privacy impact assessments, technical implementation of privacy by design and default, and operational workflows
Coordinate internal and external audits of our privacy systems and procedures
Lead Data Protection and Privacy Impact assessments (PIA)
Provide ongoing management, content development and oversight of the privacy program, including training, risk management, exception handling and process improvement
Lead other tasks related to Cybersecurity governance when
Provide other ad hoc support either within your team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management

Recruitment Profile

Experience and Skills required:

Essential:

At least seven (7) years of demonstrated experience in Cybersecurity, Governance, Risk, Compliance (GRC) and Privacy/Data Protection domains
Strong knowledge of privacy and data protection frameworks such as GDPR, ePrivacy, etc.
Successful track record in establishing Information Security Management System (ISMS) based on ISO 27001:2013
Proven experience with the implementation of Privacy Information Management Systems (PIMS) such as ISO 27701:2018
Proven experience conducting privacy reviews, control assessments and privacy impact assessments
Strong knowledge in privacy engineering techniques including privacy by design and default techniques
Customer facing experience and oral communication skills
Ability to effectively write documentation & reports for diverse audience
Creativity/ability to find innovative solutions
Willingness to learn on the job
Ability to manage and resolute conflicts

Desirable:

Project management skills and ability to manage multiple projects under strict timelines

Education:

Essential:

First university degree in computer science, information systems, mathematics, statistics or related field
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 lead implementer/auditor, or other similar credentials

Desirable:

Specialisation courses or degree in law

Languages:

English: Expert knowledge is required
Knowledge of another official United Nations language is an advantage

UNICC Global Competencies:

Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
Promoting UNICC’s position: Positions UNICC as a leader in ICT services. Gains support for UNICC’s Coordinates plans and communicates in a way that attracts support from intended audiences.

Other Information

Compensation:

Annual Salary Estimation (net of tax at single rate):

Brindisi (Italy), including post adjustment (26,0% on March 2023): US$ 78,991.
Geneva, (Switzerland), including post adjustment (79,4% on March 2023): US$ 112,469.
New York, (USA), including post adjustment (80,5% on March 2023): US$ 113,159.
Rome (Italy), including post adjustment (32,0% on March 2023): US$ 82,753.
Valencia (Spain), including post adjustment (30,0% on March 2023): US$ 81,499.

UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 14 April 2023.

Notes:

Technical and/or personality tests may be carried out as part of the selection process
Only short-listed candidates will be contacted
Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements

For applications to be valid, they must contain a motivation letter and the filled Personal History Form.