Data Protection Specialist Consultant Lazio

Data Protection Specialist Consultant
Roma
Lazio, Lazio

and/or **expression, sexual orientation, religion or belief, HIV status, physical or mental disability.

**Job Title**:Data Protection Specialist

**Type of Contract**:Consultant

**Division: CG - **Chief of Staff / Global Privacy Office

**Duty Station (City, Country)**: Rome HQ, Italy

**Duration**:11 months

**BACKGROUND AND PURPOSE OF THE ASSIGNMENT**:

This position is located in the Global Privacy Office (GPO) of the World Food Programme Headquarters in Rome, Italy.

WFP is on a focused path towards digitally transforming how it operates and how it best serves those in need so that it can accelerate the goal of achieving zero hunger by 2030.

Data Protection is at the core of these services to make sure we protect the people we serve.

Under the direct supervision of WFP's Global Data Protection Officer (DPO), the Data Protection Specialist will provide strategic, technical, and operational support as part of the WFP Global Privacy Office and will play a central role in the successful shaping and implementation of a comprehensive Privacy Program across all division-wide organization.

As Data Protection Specialist, the incumbent will either support or lead multiple initiatives, where the development has already taken place; he/she will be expected to transform these initiatives into action, managing the day-to-day delivery by working with a broad range of colleagues, partners and other internal and external stakeholders.

**MAIN ACCOUNTABITLITIES / RESPONSIBILITIES**:

- Develop, implement and operationalize Data Protection and Privacy policies, governance mechanisms, procedures and tools to maximize program efficiency and comprehensive roll out across WFP different divisions and offices.

- Review current WFP's policy and governance framework in Personal Data Protection (e. g.

policies, guidelines and toolkits) to adapt them to WFP's Privacy strategy and operational needs.

- Draft SOPs/ position papers/guidance as well as conduct legal research and documentation activities, with the objective of keeping abreast of key global Data Protection developments, trends and regulations on personal Data Protection and Privacy (e. g.

biometrics, digital identities, blockchain, big data) and its impact on the humanitarian environment.

- Collaborate with cross-functional internal and external points of contact to effectively roll out the Data Protection and Privacy Program, ensure regulatory compliance and mitigate organizational risks.

- Operationalize the different elements of WFP's Data Protection and Privacy Program (e. g.

privacy notices, PIAs, register of processing, LIAs, training and awareness campaigns, SARs and data breach response mechanisms).

- Prepare and/or review Data Protection and Privacy agreements and contracts with public and private entities including participation in negotiation, to meet unique client needs.

- Proactively contribute to continuously improve systems, tools, processes and templates to shape them to WFP's operational needs.

- Develop reporting mechanisms to allow monitoring of Data Protection and Privacy activities and identify related risks and gaps and support remediation.

- Document, track and report relevant program metrics and milestones on the implementation of the Privacy Program.

- Prepare reports, memoranda, talking points and correspondence on data protection issues as required.

- Effectively communicate needs and insights to different levels of cross-functional audiences.

- Conduct training and awareness activities as required.

- Coordinate and draft responses to audit findings and evaluation requirements.

- Perform any other related duties, as required.

**QUALIFICATIONS AND EXPERIENCE REQUIRED**:

**Education**:

Advanced university degree in relevant discipline (including but not limited to law, computer science, information technology) or related field with relevant work experience.

LLM or Master of Law on data protection, privacy, computer and communications law, compliance, international, digital or media law.

Certifications such as CIPP/E/U and CIPM, CIPT desired.

Knowledge of international security management systems industry standards (ISO 27001, ISO 27701, NIST ) desired.

Qualification to practice law or admitted to practice by a recognized national or state bar or law society desired.

**Experience**:

At least 7 years of responsible professional experience in Data protection, Privacy and Information Security, in a law/ consultancy firm and/or large

public/private sector organization on Data Protection.

Proven experience in building and implementing global Privacy and Data Protection compliance programs, operations and/or risk management programs in large corporations.

Experience in conducting PIAs, LIAS, maintaining records of processing activities, of incident response management and SARs mechanisms, drafting contracts, SOPs, policies and guidelines.

Experience in one of the following: operational risk management, compliance, audit and implem