Data Protection Senior Expert

at  European Molecular Biology Laboratory

Administration
EMBL Heidelberg
This position is located and carried out in the Data Protection Office (DPO) of the European Molecular Biology Laboratory in Heidelberg, Germany.
Under the supervision of EMBL’s DPO, the Data Protection Senior Expert will provide strategic, technical, and operational support as part of the DP Office and will play a central role in the successful shaping and implementation of a comprehensive DP Strategy throughout the organisation. As Data Protection Senior Expert, you will either support or lead multiple projects, or; you will be expected to continue transforming already existing framework into action, managing the day-to-day operations by supporting staff, internal stakeholders and external partners on all six sites of EMBL.
Your role

EDUCATION:

• Advanced university degree in relevant discipline (including but not limited to law, computer science, information technology) or related field with relevant work experience.
• LLM or Master of Law on data protection, privacy, computer and communications law, compliance, international, digital or media law is desired.
• Certifications such as CIPP/E/U and CIPM, CIPT is desired.
• Knowledge of international security management systems industry standards (ISO 27001, ISO 27701, NIST…) is desired.

EXPERIENCE:

• At least 5 years of responsible professional experience in Data protection, Privacy and Information Security, in a consultancy firm and/or large public/private sector organization.
• Proven experience in building and implementing global Privacy and Data Protection compliance programs, operations and/or risk management programs in large corporations.
• Experience in conducting DPIAs, maintaining records of processing activities, of incident response management, drafting contracts, SOPs, policies and guidelines.
• Experience in operational risk management.
• Experience working in a global, large-scale, complex, and fast-paced environments.
• Experience working autonomously and as part of a team, well as to cooperate within a team.

KNOWLEDGE AND SKILLS:

• In depth knowledge of Data protection, Privacy and Information Security regulations, international security standards and specific key legal issues;
• Solid understanding of information technologies and their impact in the protection of personal data (e.g. privacy by design and by default);
• Ability to identify Data Protection related risks and gaps based on local legal environment, developments and projects;
• Expert knowledge of data protection laws and practices in relevant fields (scientific research, life sciences, international organisations)
• Strong analytical interpersonal, communications and presentational skills;
• Demonstrated negotiating, cultural sensitivity and diplomatic skills;
• Demonstrated problem solving skills; client focus and results oriented;
• Effectiveness orientation and pro-activity;
• Strong sense of responsibility, confidentiality and accountability.

ENJOY LOTS OF BENEFITS

• Financial incentives: Income tax exemption, monthly family, child and non-resident allowances, annual salary review, a pension scheme, life insurance, long-term care, accident-at-work and unemployment insurances
• Flexible working arrangements
• Certified training and continued development of your professional and personal skills
• Private medical insurance for you and your immediate family
• Generous time off: 30 days annual leave per year
• Generous relocation package including installation grant (if applicable)
• Family benefits: On-site nursery, 10 days of child sick leave, generous parental leave and monthly family and child allowances
• Benefits for international newcomers: Visa exemption, education grant for private schooling, financial support to travel back to your home country every second year and a monthly non-resident allowance
  What’s it like to work at EMBL? Hear what some of our staff have to say on our YouTube channel http://s.embl.org/lifeatembl.
  What else you need to know
  We are Europe’s research laboratory for the life sciences – an intergovernmental organisation performing scientific research in disciplines including molecular biology, physics, chemistry and computer science. We are an international, innovative and interdisciplinary laboratory with more than 1900 employees from many nations, operating across six sites, in Heidelberg (HQ), Barcelona, Hinxton near Cambridge, Hamburg, Grenoble and Rome.
  Please note that appointments on fixed term contracts can be renewed up to 9 years in total, depending on circumstances at the time of the review.
  **Don’t meet every single requirement? We are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply nevertheless

• Providing support in developing, implementing and operationalizing data protection policies, procedures and tools to maximize efficiency and comprehensive roll out of the data protection strategy across EMBL’s departments and units.
• Review existing policies, guidelines and toolkits to adapt them to EMBL’s current data protection strategy and operational needs.
• Draft SOPs/ guidelines/guidance as well as conduct legal research and documentation activities.
• Provide consistent advice to all EMBL units on a variety of issues in the context of Data Protection, identifying needs and priorities arising out of the interpretation or application of principles of EMBL’s Internal Policy on data protection N°68, policies, guidelines, relevant international standards, and best practices on Data Protection.
• Collaborate with cross-functional internal and external points of contact to effectively roll out the Data Protection Strategy, ensure regulatory compliance and mitigate organisational risks.
• Implement the different elements of EMBL’s Data Protection Strategy (e.g. privacy notices, DPIAs, register of processing activities, training and awareness campaigns, data breach response mechanisms and data breach register).
• Adapt and adjust systems, tools, processes and templates.
• Document, track and report relevant program metrics and milestones on the implementation of the Data Protection Strategy.
• Prepare reports, talking points and correspondence on data protection issues as required.
• Conduct training and awareness activities as required.
  Closing date: 30 November 2024
  Contract duration: 3 years (renewable up to 9 years)
  Grading: 6 or 7; depending on experience and qualifications (monthly salary starting from 4.4k-5.3EUR after tax + other paid benefits)
  Reference number: HD02745
  You have