Data Protection Specialist - Wien, Österreich - OSCE

OSCE

Geprüftes Unternehmen

Wien, Österreich

vor 1 Woche

Geschrieben von:

Anna Müller

beBee Recruiter

Beschreibung

Background:

This position is open for secondment only and participating States are kindly reminded that all costs in relation to an assignment at the Secretariat must be borne by their authorities.

Please note that this is a temporary assignment for the duration of 5 months 29 days.

The OSCE has a comprehensive approach to security that encompasses politico-military, economic and environmental, and human aspects.

It therefore addresses a wide range of security-related concerns, including arms control, confidence and security-building measures, human rights, combating human trafficking, national minorities, democratization, policing strategies, counter-terrorism and economic and environmental activities.

All 57 participating States enjoy equal status, and decisions are taken by consensus on a politically, but not legally binding basis.

The OSCE Secretariat in Vienna assists the Chairmanship in its activities, and provides operational and administrative support to the field operations, and, as appropriate, to other institutions.

The Department of Management and Finance (DMF) is responsible for managing the material and financial resources of the Organization.

The objective of DMF is to provide efficient and effective management of non-staff resources in support of OSCE programmatic activities.

It provides policy guidance on the management of OSCE financial and material resources and develops and maintains OSCE Financial Regulations and Rules and Financial Administrative Instructions.

DMF consists of Budget and Finance Services, General Services Section, Information and Communication Technology Section and the Information Security and Co-ordination Unit.

Tasks and Responsibilities:

Acting as the OSCE Data Protection Specialist to co-ordinate effective and consistent implementation of the OSCE Personal Data Protection Administrative Instruction No.

2/2022 (AI) according to international requirements, best practices and in compliance with the recent EU pillar assessment results on data privacy in consultation with key stakeholders;
Steering the implementation of the OSCE data protection policy in co-ordination with all relevant stakeholders and conducting the relevant consultation processes, so that an effective implementation policy or guidelines, business processes/SOP's are drafted and promulgated;
Establishing and steering an effective Focal Point network in all OSCE Executive Structures;
Assessing data protection risks within the Organization, especially in the area of Human Resources and Procurement, in close co-operation with the Information Security and Risk Management Unit;
Benchmarking against best data protection practices in other International Organizations in order to develop business processes and SOPs including templates and co-ordinate the consultation process;
Developing a methodology to follow when carrying out a Data Privacy Impact Assessment (DPIA), assessing and defining risk mitigation measures, reviewing DPIA conclusions and making recommendations; requesting and commissioning DPIA independently, when required and providing advice to the data controllers and processors on the methodology;
Developing and implementing consent management processes throughout relevant areas. In situations where data is processed based on consent, a clear consent form/clause should be drafted;
Reviewing and completing the existing Personal Data Inventory on the basis of a data mapping exercise;
Supplementing Personal Data Inventory by the categories of data recipients, Data Processing Agreements (DPAs) concluded with them and references to international data transfers;
Making proposals for adequate provision of information that information on processing personal data is made available on the OSCE website as appropriate;
Providing strategic policy and/or technical advice to OSCE Executive Structures on personal data protection matters;
Co-ordinating a review of an appropriate OSCE Retention Schedule for personal sensitive data with benchmarking against other International Organizations' best practices and other relevant stakeholders in close co-operation with OSCE Records Management;
In collaboration with key stakeholders, initiating, designing and delivering training modules with the ultimate objective of building corporate technical knowledge and expertise on data protection;

Providing any additional services upon request related to overseeing and co-ordinating effective and consistent implementation of the OSCE Personal Data Protection Administrative Instruction No.

2/2022
Performing other related tasks as assigned.

Necessary Qualifications:

First-level university degree in political science, business administration, law or international law or similar related fields;
A minimum of six years of experience in privacy and data protection disciplines;
Familiarity with privacy and security risk assessment and best practices, privacy certifications/seals and information security standards certific