Current vacancies

About UNICEF

If you are a committed, creative professional and are passionate about making a lasting difference for children, the world's leading children's rights organization would like to hear from you. For 70 years, UNICEF has been working on the ground in 190 countries and territories to promote children's survival, protection and development. The world's largest provider of vaccines fordeveloping countries, UNICEF supports child health and nutrition, good water and sanitation, quality basic education for all boys and girls, and the protection of children from violence, exploitation, and AIDS. UNICEF is funded entirely by the voluntary contributions of individuals, businesses, foundations and governments. UNICEF has over 12,000 staff in more than 145 countries.

Consultancy Title: Data Protection Consultancy (Data Protection Impact Assessments)

Division/Duty Station: Chief Data Office in the Division of Data, Analytics, Planning and Monitoring

Duration: 15 December 2025 – 31 December 2026

Home/ Office Based: Remote

BACKGROUND

Purpose of Activity/ Assignment:

UNICEF has issued a Policy for Personal Data Protection in 2020 (the “Policy”) which applies to any personal data processing by or on behalf of UNICEF. This involves the data of the children who UNICEF serves, its staff, its individual donors, and others. The goal of the policy is to ensure that UNICEF uses personal data in line with individual’s rights and freedoms and without exposing them to inappropriate risks.  

 The Chief Data Office (CDO) is tasked to support offices and divisions with the implementation of the Policy. For that purpose, it is centrally developing a data protection programme, including a robust data protection impact assessment (DPIA) framework, a set of tools, guidance, central records and training/awareness measures, to enable the organization to process personal data in compliance with the Policy and in respect of individuals’ rights to privacy. In addition, it is committed to promoting the responsible use of other sensitive data for children in line with the “Responsible Data for Children” principles and toolkit.  

 The Data Governance and Strategy unit (DGSU) in the CDO creates and supports implementation of safeguards to minimize risks and potential harms to children, UNICEF staff, beneficiaries, and donors associated with data and digital technology, ensuring a responsible and safe digital and data transformation. The DGSU implements robust governance of all forms of data at UNICEF, enabling the organization to leverage relevant data for better decision-making and outcomes for children. The DGSU supports country offices working with national partners in advancing data governance in national dialogue and policy making.  

In order to fully support the roll-out of the UNICEF data protection programme, in particular the DPIA framework for high-risk processing activities demonstrating appropriate measures to ensure compliance with the Policy, UNICEF CDO needs to hire a data protection and privacy expert with strong experience on conducting data protection impact assessments and in general the intersection of data protection, information security, and technology to support the DGSU team.

The Data Protection and Privacy Lead will supervise the consultancy assignment.

Scope of Work:

This assignment will contribute to the following outcomes:  

1. Facilitate the implementation of data protection impact assessments by divisions and offices.   
2. Enable offices and divisions to conduct a data mapping as part of the DPIA process which may be fed into their record of processing activities to track compliance and manage high risks.  
3. Allow for the early identification and mitigation of data protection risks, preventing potential risks from materializing and causing harm to data subjects or the Organization. 
4. Ensure privacy-by-design is embedded in digital systems and processes from initial stage of programme / system development.  
5. Support offices and divisions to ensure that DPIAs are stored, managed and regularly reviewed in central register, including using relevant digital tools if available.

The consultant is expected to support the implementation of the DPIA framework globally, based on the tools, procedures and guidance developed as part of the data protection programme by UNICEF CDO Data Governance and Strategy unit in consultation with ICTD Information Security and other Divisions and Offices as needed

Terms of Reference / Key Deliverables:

Work Assignment Overview/Deliverables and Outputs/Delivery deadline

Task 1 – Identify processing activities that result in high risks to data subjects and/or UNICEF

Work with the Data Protection and Privacy Team, ICTD and relevant divisions/offices in identifying high risk processing activities through the Global Cyber Resiliency Initiative (GCRI) data and Records of Processing Activities (ROPA) exercise.

The GCRI has analyzed the compliance of all digital systems in UNICEF with IT rules and regulations and also assessed to what extent they process personal data and for what purpose.

The Consultant will be expected to review the GCRI data and identify digitally enabled activities and systems that are high risks to data subjects and/or UNICEF and also to review the ROPA completed by offices and divisions and identify processing activities that are high risks to data subjects and/ or UNICEF

1. 1. Conduct consultations with at least five (5) relevant stakeholders to obtain the necessary information regarding systems and processing activities
   2. Based on the existing GCRI data, contact relevant stakeholders in at least five (5) offices and divisions and support them in conducting DPIAs on the high-risk processing activities that were identified.
   3. Support at least 3 (three) offices and 3 (three) divisions in the creation of data flow maps to map the data flows of the high-risk systems and/or processing activities, and to document it as part of the DPIA documentation

Mar 31, 2026

Task 2 – Identify and assess the potential risks and impact of the systems and/or processing activities on data subjects and/or the Organization:

• Assess the adherence of the systems and/or processing activities to the principles outlined in the UNICEF Policy on Personal Data Protection
• Consult Data Protection Champions and relevant stakeholders to identify threats, vulnerabilities and risks of the high-risk systems and/or processing activities
• Evaluate the risks against risk criteria in accordance with the DPIA procedure in terms of likelihood and severity of impact

- Report documenting the assessments in the DPIA template produced

May 31, 2026

Task 3 – Propose and outline measures to mitigate identified risks ensuring compliance with the Policy

Work with Data Protection Champions and relevant stakeholders on identifying mitigating measures in connection with the risks identified

- Produce a Report documenting the proposed recommendations in the DPIA template that will include:

• description of technical, operational and organizational controls to reduce or eliminate the data protection and privacy risks identified, with a view to enhance data security and protect personal data.
• Inputs through consultations, from the relevant offices and divisions on possible mitigating measures to reduce or eliminate the risks

Aug 31, 2026

Task 4 – Prepare, [finalize] and maintain DPIA reports documenting the assessments, findings, mitigation measures, including the implementation of agreed measures

Ensure that all aspects of the DPIA process are documented comprehensively following the DPIA procedures and template

• Produce 5 comprehensive DPIA reports of complex digital activities (involving several digital tools or complex digital platforms), or 8 DPIAs in case of less complex activities (in consultation with DGSU) based on the assessments, findings, and consultations with the relevant offices and divisions prepared
• Produce a brief detailing the guidance provided to the relevant offices and divisions in finalizing the DPIA, [including assessing the residual risks versus benefits of the systems or processing activities]
• Create and update a centralized repository with  the DPIA reports produced
• Draft a framework to monitor the systems/data processing activities to ensure continued compliance with the Policy and the agreed mitigating measures established

Oct 30, 2026

Task 5 – Review the implementation of DPIA framework

- Draft a document listing recommendations on how to strengthen the DPIA framework based on expert review of the implementation of the DPIA framework

- Share all developed documentation following one round of review/consultation with CDO/DGS adjusted

Dec 15, 2026

Qualifications

Education: Advanced University degree in  Data protection and privacy law, data science, computer science or other related field  

Knowledge/Expertise/Skills required *: 

• Masters degree in Data protection and privacy law, data science, computer science or other related field  
• At least 4 years of working experience in privacy technology or personal data protection and privacy with a strong expertise in information security and technology in practice, and leading data protection impact assessments   
• Good understanding of national and international data protection laws, such as GDPR, and their technical implementation  
• Good understanding of privacy enhancing technology   
• Experience in leading, conducting and guiding non-technical staff on data protection impact assessments.  
• Good understanding of the challenges of artificial intelligence, big data and data protection and privacy and trends in reconciling them  
• Prior experience working with a multilateral or UN organization is desirable.  
• Competent in advanced Excel, Word, data analytics and data visualization, including digital data flow.  
• Native or near-native proficiency in English (oral and written) is required. Knowledge of another UN language is an asset.   
• Demonstrated strong writing and presentation skills. Strong analytical and interpersonal communication skills, attention to detail.  
• Ability to translate business needs into technical requirements and translate complex concepts in a simple manner for a non-technical audience is highly desirable.  
• Project management skills including task prioritization, workflow coordination, and results-driven strategies is desirable
• Excellent organizational skills and ability to prioritize and manage multiple tasks.  
• Strong writing and interpersonal communication skills.  

Requirements:

Completed profile in UNICEF's e-Recruitment system and

- Upload copy of academic credentials

- Financial proposal that will include/ reflect :

• • the costs per each deliverable and the total lump-sum for the whole assignment (in US$) to undertake the terms of reference.
  • travel costs and daily subsistence allowance, if internationally recruited or travel is required as per TOR.
  • Any other estimated costs: visa, health insurance, and living costs as applicable.
  • Indicate your availability

- Any emergent / unforeseen duty travel and related expenses will be covered by UNICEF.

- At the time the contract is awarded, the selected candidate must have in place current health insurance coverage.

- Payment of professional fees will be based on submission of agreed satisfactory deliverables. UNICEF reserves the right to withhold payment in case the deliverables submitted are not up to the required standard or in case of delays in submitting the deliverables on the part of the consultant.

U.S. Visa information:

With the exception of the US Citizens, G4 Visa and Green Card holders, should the selected candidate and his/her household members reside in the United States under a different visa, the consultant and his/her household members are required to change their visa status to G4, and the consultant’s household members (spouse) will require an Employment Authorization Card (EAD) to be able to work, even if he/she was authorized to work under the visa held prior to switching to G4.  

Only shortlisted candidates will be contacted and advance to the next stage of the selection process

For every Child, you demonstrate…

UNICEF’s core values of Commitment, Diversity and Integrity and core competencies in Communication, Working with People and Drive for Results. View our competency framework at: Here

UNICEF offers reasonable accommodation for consultants/individual contractors with disabilities. This may include, for example, accessible software, travel assistance for missions or personal attendants. We encourage you to disclose your disability during your application in case you need reasonable accommodation during the selection process and afterwards in your assignment. 

UNICEF has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and UNICEF, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination. UNICEF also adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo rigorous reference and background checks. Background checks will include the verification of academic credential(s) and employment history. Selected candidates may be required to provide additional information to conduct a background check. 

Remarks:  

Individuals engaged under a consultancy will not be considered “staff members” under the Staff Regulations and Rules of the United Nations and UNICEF’s policies and procedures and will not be entitled to benefits provided therein (such as leave entitlements and medical insurance coverage). Their conditions of service will be governed by their contract and the General Conditions of Contracts for the Services of Consultants. Consultants are responsible for determining their tax liabilities and for the payment of any taxes and/or duties, in accordance with local or other applicable laws. 

The selected candidate is solely responsible to ensure that the visa (applicable) and health insurance required to perform the duties of the contract are valid for the entire period of the contract. Selected candidates are subject to confirmation of fully-vaccinated status against SARS-CoV-2 (Covid-19) with a World Health Organization (WHO)-endorsed vaccine, which must be met prior to taking up the assignment. It does not apply to consultants who will work remotely and are not expected to work on or visit UNICEF premises, programme delivery locations or directly interact with communities UNICEF works with, nor to travel to perform functions for UNICEF for the duration of their consultancy contracts.