Data Protection Specialist

at  World Food Programme

DEADLINE FOR APPLICATIONS

15 September 2024-23:59-GMT+01:00 Central European Time (Rome)
WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.
Are you interested in further developing your professional experience while contributing to ending global hunger? Are you passionate about helping those in need? Would you like to join a global organization investing in its people?
If so, an exciting & fulfilling career awaits you!!! Join our diverse and passionate team that works on varied and international projects directly contributing to saving & changing millions of lives around the globe.

SPECIFIC QUALIFICATIONS & EXPERIENCE REQUIRED:

Education

Advanced university degree in relevant discipline (including but not limited to law, computer science, information technology) or related field with relevant work experience.

• LLM or Master of Law on data protection, privacy, computer and communications law, compliance, international, digital or media law.
• Certifications such as CIPP/E/U and CIPM, CIPT desired.
• Knowledge of international security management systems industry standards (ISO 27001, ISO 27701, NIST…) desired.
• Qualification to practice law or admitted to practice by a recognized national or state bar or law society desired.

Required Experience

• At least 5 years of responsible professional experience in Data protection, Privacy and Information Security, in a law/ consultancy firm and/or large public/private sector organization on Data Protection.
• Proven experience in building and implementing global Privacy and Data Protection compliance programs, operations and/or risk management programs in large corporations.
• Experience in conducting PIAs, LIAS, maintaining records of processing activities, of incident response management and SARs mechanisms, drafting contracts, SOPs, policies and guidelines.
• Experience in one of the following: operational risk management, compliance, audit and implementation or management of control frameworks.
• Experience working in a global, large-scale, complex, and fast-paced environments.
• Experience in roles that demand accuracy and quality, prioritization and execution against timelines, managing a high volume of project milestones.

• Experience working autonomously with minimal supervision and as part of a team, well as to cooperate within a team, across different regions and time zones.

  Knowledge & Skills:

• In depth knowledge of Data protection, Privacy and Information Security regulations, international security standards and specific key legal issues;

• Solid understanding of information technologies and their impact in the protection of personal data (e.g. privacy by design and by default, AI, big data, biometric technologies, digital identities, blockchain, SNSs…);

• Ability to identify Data Protection related risks and gaps based on local legal environment, developments and projects;
• Ability to contribute to large cross-functional projects requiring innovative analysis, recommendations and approaches;
• Strong analytical interpersonal, communications and presentational skills;
• Excellent drafting skills with the ability to write concisely and synthetize information from a variety of legal and jurisprudential sources;
• Demonstrated negotiating, cultural sensitivity and diplomatic skills;
• Demonstrated problem solving skills; client focus and results oriented;
• Ability to work harmoniously with people of different national and cultural backgrounds;
• Ability to plan and organize work programme with pre-defined reporting lines;
• Effectiveness orientation and pro-activity;
• Strong sense of responsibility, confidentiality and accountability.

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:

This position is located in the Global Privacy Office (GPO) of the World Food Programme Headquarters in Rome, Italy.
WFP is on a focused path towards digitally transforming how it operates and how it best serves those in need so that it can accelerate the goal of achieving zero hunger by 2030. Data Protection is at the core of these services to make sure we protect the people we serve.
Under the direct supervision of WFP’s Global Data Protection Officer (DPO), the Data Protection Specialist will provide strategic, technical, and operational support as part of the WFP Global Privacy Office and will play a central role in the successful shaping and implementation of a comprehensive Privacy Program across all division-wide organization.
As Data Protection Specialist, the incumbent will either support or lead multiple initiatives, where the development has already taken place; he/she will be expected to transform these initiatives into action, managing the day-to-day delivery by working with a broad range of colleagues, partners and other internal and external stakeholders.

MAIN ACCOUNTABILITIES/RESPONSIBILITIES:

Develop, implement and operationalize Data Protection and Privacy policies, governance mechanisms, procedures and tools to maximize program efficiency and comprehensive roll out across WFP different divisions and offices.
Review current WFP’s policy and governance framework in Personal Data Protection (e.g. policies, guidelines and toolkits) to adapt them to WFP’s Privacy strategy and operational needs.
Draft SOPs/ position papers/guidance as well as conduct legal research and documentation activities, with the objective of keeping abreast of key global Data Protection developments, trends and regulations on personal Data Protection and Privacy (e.g. biometrics, digital identities, blockchain, big data) and its impact on the humanitarian environment.
Provide consistent advice to HQ divisions, regional bureaus and field offices on a variety of issues in the context of Data Protection and Privacy, identifying needs and priorities arising out of the interpretation or application of WFP principles, policies, guidelines, relevant international standards, conventions and best practices on Personal Data Protection and Privacy.
Collaborate with cross-functional internal and external points of contact to effectively roll out the Data Protection and Privacy Program, ensure regulatory compliance and mitigate organizational risks.
Operationalize the different elements of WFP’s Data Protection and Privacy Program (e.g. privacy notices, PIAs, register of processing, LIAs, training and awareness campaigns, SARs and data breach response mechanisms).
Prepare and/or review Data Protection and Privacy agreements and contracts with public and private entities including participation in negotiation, to meet unique client needs.
Proactively contribute to continuously improve systems, tools, processes and templates to shape them to WFP’s operational needs.
Develop reporting mechanisms to allow monitoring of Data Protection and Privacy activities and identify related risks and gaps and support remediation.
Document, track and report relevant program metrics and milestones on the implementation of the Privacy Program.
Prepare reports, memoranda, talking points and correspondence on data protection issues as required.
Effectively communicate needs and insights to different levels of cross-functional audiences.
Conduct training and awareness activities as required.
Coordinate and draft responses to audit findings and evaluation requirements.
Perform any other related duties, as required.