Data Protection and Privacy Specialist (P-4), OED, New York at UN Children’s Fund

UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential.

Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone.

And we never give up.

For every child, commitment

UNICEF’s child safeguarding policy (2016) is a clear statement of commitment to child safeguarding throughout our work, and the ongoing global efforts to safeguard children with the aim to uphold their safety and wellbeing everywhere, including in the workplace and in all business interactions. Since the introduction of the policy, approximately 29 individual UNICEF policies and standards addressing key safeguarding priorities of UNICEF and its partners have been identified. Key gaps exist, including those identified by our partners such as the need for comprehensive standards of conduct and training; and comprehensive and contextual risk assessments.

To serve this need, a Child Safeguarding Unit has been created under the Deputy Executive Director (Management). The Unit will formulate the framework for which to carry out this work, including working with Divisions to issue and update appropriate Procedures and Guidance. While several administrative issuances exist that address child safeguarding concerns, there are evident gaps, one of which beingthe lack of a data privacy and protection policy to safeguard sensitive information.

Under the management of the Senior Adviser (Child Safeguarding) and the overall direction of the Deputy Executive Director (Management), the new role of Data Protection and Privacy Specialist will be responsible for building and managing UNICEF’s privacy management programme, with particular attention to child safeguarding risks.

Recommendations of the Data Protection and Privacy Specialist can be a crucial factor in UNICEF’s policy setting and decision-making.

Advice or decisions on policy or incidents that reflect poor judgment or inaccurate information can compromise efficacy of UNICEF’s privacy management programme, child safeguarding regimes and broader operations.

Data protection incidents can result in:

• harm to UNICEF’s reputation, and consequent loss of donor revenue, through disclosure of sensitive information of beneficiaries, partners and staff; • security breaches causing operational disruptions, direct financial losses, potential legal liability and compromised security of beneficiaries; • compromised security of beneficiaries.

How can you make a difference?

In consultation with relevant stakeholders, the Data Protection and Privacy Specialist is responsible for conducting privacy risk assessments, leading the development of internal data protection and privacy policies and external privacy statements, serving as a focal point for internal and external inquiries concerning UNICEF’s data protection and privacy policies, and serving as a focal point for breaches of UNICEF’s data protection and privacy policies.

A summary of key functions/accountabilities:

1: Coordination of development of data protection policy: Under the supervision of the Senior Adviser (Child Safeguarding), identify the regulatory requirements of existing UNICEF policy and international best practices; coordinate a global data privacy risk assessment, with attention to child safeguarding concerns; provide technical and legal advice in the drafting of new or updated regulatory instruments. 2: Advise on data protection modalities: Develop proposals for and contribute to the design of technical, operational or administrative modalities to implement the data protection policy (training, changes to supply or partner agreements, privacy statements, consent forms, technological solutions, etc.) 3: Monitor and advise on data protection incidents:Ensure that business units, technology teams and third parties (service providers) follow UNICEF’s privacy management program, meet privacy policy requirements and address privacy concerns; collaborate with and assist business units and technology areas to develop corrective action plans for identified privacy compliance issues; work closely with UNICEF’s Chief Information Security Officer in matters relating to data breaches. 4: Custodianship of data protection and privacy regime: under the oversight of the Deputy Executive Director (Management), and supervision of the Senior Adviser (Child Safeguarding), serve as UNICEF’s focal point on data protection and privacy issues and Secretary for associated relevant coordinating and policy bodies. 5: Reporting: serve as a focal point for reports on data protection/privacy issues to oversight bodies.

To qualify as an advocate for every child you will have…


  • An advanced university degree in business or public administration, law, finance, accounting, or computer/information science, is required. A first-level university degree in combination with additional 2 years of qualifying experience may be accepted in lieu of an advanced degree.
  • A formal accreditation is desirable in one or more of the areas addressed by the following certifications: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Information Privacy Technologist (CIPT); Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA).
  • A minimum of eight years progressively responsible professional experience in law, information security, risk management, auditing and/or compliance is required.
  • At least three years professional experience focused on data protection or privacy is required.
  • Experience working for a large international corporation or international organization is required.
  • Experience implementing data privacy policies addressing multiple kinds of organizational or corporate relations is desirable (e.g. business-to-consumer and business-to-business contexts; donor, partner, staff and beneficiary-oriented policies in an aid organization).
  • A good working knowledge of multiple domestic and international privacy laws, regulations and industry best practices is required.
  • Familiarity and experience with legal issues or risks in enterprise, cloud or multi-jurisdictional platforms is an asset.
  • Experience or familiarity with governance, risk and compliance tools and how they can be used to support privacy-related activities is desirable. Experience in auditing frameworks and international standards is desirable.
  • Experience within the UN system is desirable.
  • Experience addressing data protection or privacy concerns involving children is an asset.
  • Ability to work in a multi-cultural environment is essential.
  • Fluency in English is required. Knowledge of another UN language is desirable (particularly French, Spanish or Arabic).


For every Child, you demonstrate…

Core competencies


  • Communication – II
  • Working with people – II
  • Drive for results – II


Functional Competencies


  • Leading & supervising – I
  • Formulating strategies and concepts – II
  • Analyzing – Ill
  • Technical Expertise – Ill
  • Planning and Organizing – Ill
  • Creating and Innovating – II


View our competency framework at

UNICEF is committed to diversity and inclusion within its workforce, and encourages all candidates, irrespective of gender, nationality, religious and ethnic backgrounds, including persons living with disabilities, to apply to become a part of the organization.


Mobility is a condition of international professional employment with UNICEF and an underlying premise of the international civil service.


UNICEF is committed to diversity and inclusion within its workforce, and encourages qualified female and male candidates from all national, religious and ethnic backgrounds, including persons living with disabilities, to apply to become a part of our organization. To apply, click on the following link

Closing date: 12 Jul 2018