Cybersecurity Officer

**Purpose of the Position**:
The High Level Committee on Management (HLCM) of the UN formally adopted the Principles on Personal Data Protection and Privacy at its 36th Meeting on 11 October 2018. These principles set out a basic framework for processing “personal data”, defined as information relating to an identified or identifiable natural person, by or on behalf of the United Nations System Organizations in carrying out their mandated activities.

UNICC has developed and established a supporting framework to support UN Partners in implementing Privacy Framework or Management System. The incumbent of the position will act as a Data Protection and Privacy Specialist and will work on internal Privacy framework implementation as well as providing data protection related services to UNICC Partners. The position will be responsible for consulting on privacy matters, development, implementation, maintenance and execution of policy and procedural documentation in support of UNICC or UNICC Partners’ Privacy Programmes. This person will also coordinate with multiple business areas including GRC, Finance, Legal, HR, IT Operations, etc. to ensure privacy requirements are effectively implemented and monitored for effectiveness.

**Objectives of the Programme**:
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.

**Main duties and responsibilities**

The incumbent will work under the direct supervision and guidance of the Head, Data Protection & Privacy (CSGD) within the Cybersecurity Division (CS) and in close collaboration with the Management and Strategy Division (MS). The incumbent could be requested to do any other tasks of similar level in related fields.
- Develop and maintaining privacy related notices, policies, standards, guidelines and processes
- Conduct assessments, review results and work with stakeholders to mitigate privacy risks across the organization
- Collaborate with compliance and security professionals on projects related to compliance with global data protection and privacy laws
- Assist in developing and administering privacy training and awareness campaigns for various groups within the company
- Establish and manage tools and develop run books for managing and tracking compliance with UNICC’s global privacy obligations such as privacy impact assessments, technical implementation of privacy by design and default, and operational workflows
- Coordinate internal and external audits of our privacy systems and procedures
- Lead Data Protection and Privacy Impact assessments (PIA)
- Provide ongoing management, content development and oversight of the privacy program, including training, risk management, exception handling and process improvement
- Lead other tasks related to Cybersecurity governance when
- Provide other ad hoc support either within your team or in other teams as required - this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management

**Recruitment Profile**

**Experience and Skills required**:
**Essential**:

- At least seven (7) years of demonstrated experience in Cybersecurity, Governance, Risk, Compliance (GRC) and Privacy/Data Protection domains
- Strong knowledge of privacy and data protection frameworks such as GDPR, ePrivacy, etc.
- Successful track record in establishing Information Security Management System (ISMS) based on ISO 27001:2013
- Proven experience with the implementation of Privacy Information Management Systems (PIMS) such as ISO 27701:2018
- Proven experience conducting privacy reviews, control assessments and privacy impact assessments
- Strong knowledge in privacy engineering techniques including privacy by design and default techniques
- Customer facing experience and oral communication skills
- Ability to effectively write documentation & reports for diverse audience
- Creativity/ability to find innovative solutions
- Willingness to learn on the job
- Ability to manage and resolute conflicts

**Desirable**:

- Project management skills and ability to manage multiple projects under strict timelines

**Education**:
**Essential**:

- First university degree in computer science, information systems, mathematics, statistics or related field
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 lead implementer/auditor, or other similar credentials

**Desirable**:

- Specialisation courses or degree in law

**Languages**:

- **English**: Expert knowledge is required
- Knowledge of another official United Nations language is an advantage

**UNICC Global Competencies**:

- **Teamwork**:Develops and promotes effective relationships with colleagues and team members. Deals constructively with confl