isecjobs.com

Data Protection and Privacy Officer

Copenhagen (HQ), Denmark

⚠️ We'll shut down after Aug 1st - try foo🦍 for all jobs in tech ⚠️

Full Time EUR 62K - 116K * est.
Company logo

UNHCR

UNHCR, the UN Refugee Agency, is a global organization dedicated to saving lives and protecting the rights of refugees, forcibly displaced communities and stateless people.

View all jobs at UNHCR

Apply now Apply later

Hardship Level

H (no hardship)

Family Type

Family

Family Type

Family

Residential location (if applicable)

Grade

PR3

Staff Member / Affiliate Type

Professional

Reason

Regular > Regular Assignment

Target Start Date

2025-10-01

Deadline for Applications

August 8, 2025

Standard Job Description

Data Protection and Privacy Officer


Organizational Setting and Work Relationships

UNHCR General Policy on Personal Data Protection and Privacy (GDPP) establishes a unified data protection and privacy framework for the Organization, and is applicable to processing of personal data of all categories of data subjects, including forcibly displaced and stateless persons, UNHCR workforce, partners, individual donors and others.

The Data Protection and Privacy Officer job is situated within UNHCR’s Data Protection Office reporting to the Chief Data Protection and Privacy Officer. The incumbent provides expert guidance, oversight, and support to UNHCR’s regional bureaux, country operations, and headquarters divisions on data protection standards and practices, including matters related to the collection, storage, access, and use of personal data.

The Data Protection and Privacy Officer provides timely and effective data protection advice to headquarters divisions and services, regional bureaux, country operations and key external partners, including people forced to flee and stateless persons. To achieve this, the incumbent will need to build and maintain effective partnerships with other sections and divisions within headquarters including the Legal Affairs Service (LAS) and the Chief Information Security Officer, as well as with UNHCR's regional bureaux and country operations. S/he may directly supervise staff in the professional and general service categories.

All UNHCR staff members are accountable to perform their duties as reflected in their job description. They do so within their delegated authorities, in line with the regulatory framework of UNHCR which includes the UN Charter, UN Staff Regulations and Rules, UNHCR Policies and Administrative Instructions as well as relevant accountability frameworks. In addition, staff members are required to discharge their responsibilities in a manner consistent with the core, functional, cross-functional and managerial competencies and UNHCR’s core values of professionalism, integrity and respect for diversity.

Duties

  • Guide and recommend actions to UNHCR's Personal Data Controllers and Data Protection Focal points in regional bureaux and country operations, and counterparts in states, partners and other relevant stakeholders, on a wide range of data protection issues, in accordance with UNHCR personal data protection and privacy framework.

  • Provide expert advice to country operations in monitoring the development of domestic data protection legal frameworks that may impact UNHCR operations and contribute to the development of situation- or country-specific guidance.

  • Advise and guide sections and divisions of headquarters on data protection requirements, in particular in the context of implementing enterprise systems (e.g. proGres, BIMS, etc.) and innovation projects with potential implications for the protection of data of people forced to flee and stateless persons.

  • Draft legal positions on data protection matters, in collaboration with Legal Affairs Service (LAS).

  • Develop advisories, formal opinions and interpretations on personal data protection and privacy to be adopted by Chief DPO.

  • Undertake expert review and clearance of data sharing arrangements.  

  • Examine incidences of non-compliance with UNHCR’s personal data protection and privacy framework and relay these to the appropriate oversight mechanism(s).

  • Consolidate and promote best practices across UNHCR by sharing these examples in data protection groups, training fora.

  • Develop and provide training to UNHCR staff and partners on UNHCR's data protection frameworks, as well as its Operational Guidelines.

  • Maintain inventories of information provided by Data Controllers and Data Protection Focal Points, including Data Transfer Agreements, specific instances of data sharing with third parties, Data Protection Impact Assessments, data breach notifications, and complaints by data subjects.

  • Draft internal and external reports with concluding observations on the Organization’s compliance with its personal data protection and privacy framework.

  • Stay updated on data protection trends, laws, and industry standards.

  • Foster a positive and inclusive work environment and create an environment of trust, respect, and open communication.

  • Support the identification and management of risks and seek to seize opportunities impacting objectives in the area of responsibility. Ensure decision making in risk based in the functional area of work. Raise risks, issues and concerns to a supervisor or to relevant functional colleague(s).

  • Perform other related duties as required.

Minimum Qualifications

Years of Experience / Degree Level

For P3/NOC - 6 years relevant experience with Undergraduate degree; or 5 years relevant experience with Graduate degree; or 4 years relevant experience with Doctorate degree

Field(s) of Education

Law;                                                  Human Rights;                   International Law;

Political Science;                              Social Science;                   or other relevant field.

Certificates and/or Licenses

ECPC-HA Professional DPO in Humanitarian Action;

Certified Information Privacy Practitioner (CIPP);

Certified Information Privacy Manager (CIPM);

(Certificates and Licenses marked with an asterisk* are essential)

Relevant Job Experience

Essential

Experience working on data protection and/or privacy issues in the humanitarian or other sectors. Demonstrated experience with data sharing scenarios and agreements, data protection impact assessments, and development of data protection guidance.  Experience in the process of embedding data protection requirements into development of systems or processes. Experience in presenting/discussing data protection matters in data protection conferences/forums. Field experience. Experience in planning, programming, strategic planning, project development, budgeting and resource mobilization. Demonstrated experience in leadership position(s) in the context of partnership building and consensual decision-making. Experience in working with partners, including host and donor governments, humanitarian, and development partners.

Desirable

Experience with and solid understanding of new technologies, including the use of mass communication (SMS) services, cash-based interventions, cloud technologies, and data analytics/big data. Familiarity with the main EDPB/EDPS Guidelines and Opinions on the territorial scope of the GDPR and other matters relevant to UNHCR. Familiarity with the ongoing discussions at CoE level, on CoE 108+ and IOs. Experience in process re-engineering (process redesign, process transformation, or change management) and technical expertise in registration, identity or biometric management systems. Experience with the national and international statistical systems.

Functional Skills

*LE-Legal advisory for operations and divisions related to data protection

*LE-Assessment and application of principles of data protection law

LE-Data protection implications assessment for policies and operations

LE-Data protection laws and mechanisms at the national or regional level (e.g. EU GDPR)

LE-Drafting & development of data protection policies & guidelines based on best practices

MG-Policy Compliance Monitoring

DM-Data security management

(Functional Skills marked with an asterisk* are essential)

Language Requirements

For International Professional and Field Service jobs: Knowledge of English and UN working language of the duty station if not English.

For National Professional jobs: Knowledge of English and UN working language of the duty station if not English and local language.

For General Service jobs: Knowledge of English and/or UN working language of the duty station if not English.

Competency Requirements

All jobs at UNHCR require six core competencies and may also require managerial competencies and/or cross-functional competencies. The six core competencies are listed below.

Core Competencies

Accountability

Communication

Organizational Awareness

Teamwork & Collaboration

Commitment to Continuous Learning

Client & Result Orientation

Managerial Competencies

Empowering and Building Trust

Judgement and Decision Making

Managing Resources

Cross-Functional Competencies

Analytical Thinking

Stakeholder Management

Policy Development and Research

All UNHCR workforce members must individually and collectively, contribute towards a working environment where each person feels safe, and empowered to perform their duties. This includes by demonstrating no tolerance for sexual exploitation and abuse, harassment including sexual harassment, sexism, gender inequality, discrimination, and abuse of power.

As individuals and as managers, all must be proactive in preventing and responding to inappropriate conduct, support ongoing dialogue on these matters and speaking up and seeking guidance and support from relevant UNHCR resources when these issues arise.

This is a Standard Job Description for all UNHCR jobs with this job title and grade level. The Operational Context may contain additional essential and/or desirable qualifications relating to the specific operation and/or position. Any such requirements are incorporated by reference in this Job Description and will be considered for the screening, shortlisting and selection of candidates.

Desired Candidate Profile

The desired candidate would have demonstrated experience working on data protection issues in humanitarian, government or business sphere and should hold at least one relevant certification in data protection including data sharing arrangements, data protection impact assessments, and development of data protection related guidance. The candidate should be able to work effectively in a multicultural environment, communicate technical concepts clearly to diverse audiences, and contribute proactively as part of a team. Knowledge of the UNHCR mandate is required and experience in protection or humanitarian work will be considered an asset. Should be willing to move to Copenhagen, Denmark. Knowledge of French, Spanish or Arabic will be an advantage.

Required languages (expected Overall ability is at least B2 level):

,

,

Desired languages

,

,

Operational context

Occupational Safety and Health Considerations:

To view occupational safety and health considerations for this duty station, please visit this link:

https://wwwnc.cdc.gov/travel

Nature of Position:

The Data Protection and Privacy Officer is a key member of the UNHCR Data Protection Office, supporting the implementation of the UNHCR General Policy on Personal Data Protection and Privacy. The position provides technical advice, guidance, and support to UNHCR operations, field offices, and HQ divisions on data protection and privacy matters relating to the processing of personal data of Forcibly Displaced and Stateless Persons, partners, vendors, donors, and UNHCR personnel. The position is based in the UNHCR Data Protection Office in Copenhagen, Denmark, and works under the supervision of the Chief Data Protection and Privacy Officer as part of a team of data protection professionals. The Data Protection Officer also collaborates closely with the network of Data Protection Focal Points in field operations and supports capacity-building, compliance monitoring, and incident response activities as required. 

Living and Working Conditions:

Additional Qualifications

Skills

DM-Data security management, LE-Assessment and application of principles of data protection law, LE-Data protection implications assessment for policies and operations, LE-Data protection laws and mechanisms at the national or regional level (e.g. EU GDPR), LE-Drafting & development of data protection policies & guidelines based on best practices, LE-Legal advisory for operations and divisions related to data protection, MG-Policy Compliance Monitoring

Education

Bachelor of Arts: Human Rights, Bachelor of Arts: International Law, Bachelor of Arts: Law, Bachelor of Arts: Political Science, Bachelor of Arts: Social Science

Certifications

Certified Information Privacy Manager (CIPM) - International Association of Privacy Professionals (IAPP), Certified Information Privacy Practitioner (CIPP) - International Association of Privacy Professionals (IAPP), ECPC-HA Professional DPO in Humanitarian Action - European Centre on Privacy and Cybersecurity (ECPC)

Work Experience

Competencies

Accountability, Analytical thinking, Client & results orientation, Commitment to continuous learning, Communication, Empowering & building trust, Judgement & decision making, Managing resource, Organizational awareness, Policy research & development, Stakeholder management, Teamwork & collaboration

UNHCR Salary Calculator

https://icsc.un.org/Home/SalaryScales

Compendium

Add. 2 to the Bi-Annual 2025 Compendium - Part B

Additional Information

Functional clearance

This position doesn't require a functional clearance
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Analytics Big Data Business Intelligence CIPP CISO Clearance Cloud Compliance Data Analytics GDPR Incident response iOS Monitoring Privacy

Perks/benefits: Career development Conferences Startup environment Team events

Region: Europe
Country: Denmark

More jobs like this

« Back to job search To the top ↑

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.

Systems Engineer jobsInformation System Security Officer jobsSystems Administrator jobsSenior Security Analyst jobsSenior Cybersecurity Engineer jobsSenior Cloud Security Engineer jobsSecurity Operations Engineer jobsCyber Security Specialist jobsInformation System Security Officer (ISSO) jobsSenior Product Security Engineer jobsSecurity Consultant jobsInformation Security Manager jobsSenior Information Security Engineer jobsSenior Network Security Engineer jobsChief Information Security Officer jobsInformation Systems Security Engineer jobsSecurity Specialist jobsSenior Cyber Security Engineer jobsIT Security Engineer jobsSenior Software Engineer jobsSenior IT Auditor jobsSoftware Engineer jobsNetwork Engineer jobsCyber Threat Intelligence Analyst jobsCybersecurity Specialist jobs
TS/SCI jobsEDR jobsBash jobsJava jobsEncryption jobsSDLC jobsRMF jobsSplunk jobsTerraform jobsIDS jobsThreat detection jobsCompTIA jobsTop Secret jobsMalware jobsOWASP jobsDocker jobsITIL jobsIPS jobsSQL jobsForensics jobsActive Directory jobsGIAC jobsFinance jobsSOC 2 jobsClearance Required jobs
MITRE ATT&CK jobsOSCP jobsDoDD 8570 jobsIntrusion detection jobsTCP/IP jobsVPN jobsHIPAA jobsIndustrial jobsData Analytics jobsCRISC jobsSOAR jobsZero Trust jobsJavaScript jobsDNS jobsIT infrastructure jobsCCSP jobsNIST 800-53 jobsMachine Learning jobsKPIs jobsAnsible jobsBanking jobsSANS jobsSOX jobsJira jobsUNIX jobs