Consultancy: The Organization for Security and Co-operation in Europe (OSCE) is seeking a Data Protection Specialist in Vienna, Australia.

Tasks and Responsibilities:

Under the direct supervision of the Senior Information Security and Risk Management Officer and in close co-ordination with relevant Units at the OSCE Secretariat, the Data Protection Specialist should advance data protection and privacy processes based on the OSCE Personal Data Protection Administrative Instruction No. 2/2022 as well as other relevant policies. The Specialist will oversee and co-ordinate effective and consistent implementation of data protection and privacy processes, including establishing and steering an effective Focal Point network in all Executive Structures, providing technical advice, designing training for the Focal Points and conducting regular monitoring of data subjects’ information to ensure compliance with the established standards and rules. The incumbent will be asked to do the following:

  1. Acting as the OSCE Data Protection Specialist to co-ordinate effective and consistent implementation of the OSCE Personal Data Protection Administrative Instruction No.2/2022 (AI) according to international requirements, best practices and in compliance with the recent EU pillar assessment results on data privacy in consultation with key stakeholders;
  2. Steering the implementation of the OSCE data protection policy in co-ordination with all relevant stakeholders and conducting the relevant consultation processes, so that an effective implementation policy or guidelines, business processes/SOPs are drafted and promulgated;
  3. Establishing and steering an effective Focal Point network in all OSCE Executive Structures;
  4. Assessing data protection risks within the Organization, especially in the area of Human Resources and Procurement, in close co-operation with the Information Security and Risk Management Unit;
  5. Benchmarking against best data protection practices in other International Organizations in order to develop business processes and SOPs including templates and co-ordinate the consultation process;
  6. Developing a methodology to follow when carrying out a Data Privacy Impact Assessment (DPIA), assessing and defining risk mitigation measures, reviewing DPIA conclusions and making recommendations; requesting and commissioning DPIAs independently when required, and providing advice to the data controllers and processors on the methodology;
  7. Developing and implementing consent management processes throughout relevant areas. In situations where data is processed based on consent, a clear consent form/clause should be drafted;
  8. Reviewing and completing the existing Personal Data Inventory on the basis of a data mapping exercise;
  9. Supplementing the Personal Data Inventory with the categories of data recipients, Data Processing Agreements (DPAs) concluded with them and references to international data transfers;
  10. Developing procedures to react to possible personal data breaches, including a procedure for complaints by data subjects, establishing a record of complaints in close co-operation with the Office of Legal Affairs;
  11. Making proposals for the adequate provision of information, so that information on the processing of personal data is made available on the OSCE website as appropriate;
  12. Providing strategic policy and/or technical advice to OSCE Executive Structures on personal data protection matters;
  13. Co-ordinating a review of an appropriate OSCE Retention Schedule for personal sensitive data with benchmarking against other International Organizations’ best practices and other relevant stakeholders in close co-operation with OSCE Records Management;
  14. In collaboration with key stakeholders, initiating, designing and delivering training modules with the ultimate objective of building corporate technical knowledge and expertise on data protection;
  15. Providing any additional services upon request related to overseeing and co-ordinating effective and consistent implementation of the OSCE Personal Data Protection Administrative Instruction No.2/2022;
  16. Performing other related tasks as assigned.

Necessary Qualifications:

  • First-level university degree in political science, business administration, law or international law or similar related fields;
  • A minimum of six years of experience in privacy and data protection disciplines;
  • Working knowledge of how to design and establish business processes and SOPs, preferably related to data protection and privacy programmes, including how to achieve business alignment, data governance, and management of data subject issues and data breaches;
  • Familiarity with privacy and security risk assessment and best practices, privacy certifications/seals and information security standards certifications;
  • Good drafting, reporting and presentation skills;
  • Professional fluency in English; knowledge of other OSCE languages is an asset;
  • Ability to integrate a gender perspective in data privacy policies and procedures;
  • Demonstrated gender awareness and sensitivity, and an ability to integrate a gender perspective into tasks and activities;
  • Ability and willingness to work as a member of a team, with people of different cultural and religious backgrounds, different gender, and diverse political views, while maintaining impartiality and objectivity;
  • Computer literate with practical experience using Microsoft applications;
  • Certifications such as CIPP/E/U, and/or CIPM, CIPT are desirable;
  • Knowledge of the most relevant risk management industry standards (ISO 31000, ISO 27001, NIST, CREST) is an asset.

Application process