Result of ServiceThe consultant will support the development, implementation, and continuous improvement of cybersecurity operations and vulnerability management frameworks, ensuring alignment with international standards and organizational policies. Work LocationAmman - Jordan Expected durationup to 12 months Duties and ResponsibilitiesThe Consultant will work closely with program teams, IT staff, and field offices to: - Analyze and document data flows and systems used in Education and Health programs. - Identify gaps and risks in current data processing practices. - Recommend technical and organizational measures to ensure compliance with UNRWA’s Data Protection Policy. - Support the integration of data protection principles into program operations and digital platforms. Specific Outputs/Tasks include but not limited to: • Systems and Data Mapping - Conduct a comprehensive mapping of digital systems and data flows within Education and Health programs. - Document types of personal and sensitive data collected, processed, stored, and shared. - Identify third-party systems or integrations and assess associated data protection risks. • Gap Analysis and Risk Assessment - Perform gap analyses against UNRWA’s Data Protection Policy and international standards. - Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities. - Identify vulnerabilities and recommend mitigation strategies. • Policy Implementation Support - Translate policy requirements into practical guidance for program and IT teams. - Develop templates, checklists, and SOPs to support compliance. - Advise on privacy-by-design and data minimization strategies. • Capacity Building and Awareness - Deliver tailored training sessions and awareness materials for Education and Health staff. - Build capacity for field-level personnel to manage data responsibly and securely. • Reporting and Coordination - Prepare reports and presentations for internal stakeholders and donors (e.g., KfW). - Coordinate with legal, ethics, and program teams to ensure integrated approaches. - Participate in relevant inter-agency or donor coordination platforms as needed. Qualifications/special skills• Advanced university degree (Master’s or equivalent) in Information Technology, Law, Data Protection, Public Health Informatics, or related field. A first-level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. • A minimum of five (5) years of progressively responsible experience in information security, or data protection including at least two (2) years of active leading data protection assessment • Unless currently serving as an international staff member in the UN Common System, candidates must have a minimum of two continuous years of relevant international experience gained outside UNRWA and outside the country(s) of citizenship. • Certification in data protection/privacy (e.g., CIPP/E, CIPM, CDPO) is an asset. • Excellent oral and written communications skill in English. Arabic language is an advantage • Experience working in a complex international environment or multilateral organization is desirable. • Expert knowledge of Microsoft Data Protection/Compliance technologies (Purview, DLP, IRM). • Experience working in a complex international environment or multilateral organization is desirable. • Experience with industry-standard security tools (e.g., SIEM, vulnerability scanners, EDR) is required. • Experience with scripting or automation (e.g., Python, PowerShell, Bash) is an advantage. • Expert knowledge of implementing Microsoft Security technologies (Sentinel, Defender products). • Previous experience with implementing MITRE ATT&CK framework in the Security Operations and implementing Threat Intelligence programs. Languages● Fluent in spoken and written English. ● Fluency in spoken and written Arabic is a plus. Additional InformationCONDITIONS OF SERVICE • The selected candidate will receive a monthly remuneration that is equivalent to P3 Step 1 amounting to $7,924.25 for every fully completed month. • The duration of the Contract is up to 12 months, and the possibility of extension is subject to the availability of funds and continuing need and satisfactory performance. • The selected candidate will report to the Chief Digital Risk Officer and Senior Project manager. No FeeTHE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.