ICT Data Privacy Expert

  • UEFA
  • Nyon, Switzerland
  • 09 Feb, 2024
Full time Communications & PR Computer Science Data Science Technology

Job Description

Job information

Division / Unit: Services / Information & Communication Technology
Contract type: Permanent
Start date: 01.04.2024 or as soon as possible
Location: Nyon

Key responsibilities

- Constantly reviewing the organisation’s record of processing activities (RoPA) using its data privacy management system and the associated trackers in place for suppliers;
- Owning the organisation’s data privacy management platform, including taking responsibility for the budget, the supplier, etc.;
- Assessing and investigating the organisation's data processing activities to identify any risks or gaps in compliance with data protection laws and regulations, as well as identifying systems, applications and business process owners;
- Working with the data privacy team to maintain and improve the organisation’s privacy programme across its entire life cycle, which includes:
Developing and reviewing policies and guidelines to ensure the organisation’s compliance with data protection laws and regulations;
Developing and delivering training sessions for employees on how to comply with data protection laws and regulations, particularly with regard to the handling and storage of personal data;
Developing and reviewing the incident management and response plan for handling any privacy incidents that may occur in the course of the organisation's operations;
Innovating and improving operational efficiency: streamlining compliance requests (e.g. requests to optimise data subjects);
- Partnering with all key business areas, in particular the ICT data architects and the IT security team, to ensure that data privacy issues are considered at the outset of all new projects, products and initiatives (i.e. privacy by design), in accordance with internal ICT processes;
- Contributing to and monitoring the implementation of appropriate technical and organisational security measures (TOMs);
- Monitoring existing ICT solutions and processes with regard to data privacy, proposing mitigations to the relevant service owners (both business and ICT) and advising on technological options available to assist stakeholders with data protection compliance;
- Establishing trusting relationships with service owners and being recognised as the go-to ICT person for data privacy matters;
- Handling enquiries and issues relating to data privacy practices, withdrawal of consent, the right to be forgotten and other rights of data subjects, in cooperation with the data privacy team;
- Staying informed and educating the management and staff on the importance of data privacy compliance to ensure accountability within the organisation;
- Managing consultants and temporary staff.


Experience required:
- From 4 to 6 years' experience in data protection compliance or a related field, in particular in data mapping and registration of processing activities
- From 4 to 6 years' experience in an IT role
- From 1 to 3 years' experience working with a data privacy management tool (e.g. OneTrust TM, TrustArc TM, Collibra TM)

- Masters in information technology
- CIPM and/or CIPT

- English / Advanced
- French / Intermediate

Additional requirements:
- OneTrust certification in data mapping or assessment automation modules would be an asset
- Expert knowledge of data privacy management tools (e.g. OneTrust)
- Advanced user of data catalogues and MDM tools
- Good knowledge of service life cycle management and methodologies (e.g. Agile, Waterfall, ITIL, SAFe
- Experience with governance risk compliance tools (e.g. OneTrust, ServiceNow)
- Detailed knowledge of the Swiss Federal Act on Data Protection (FADP), the EU ePrivacy Directive and the EU General Data Protection Regulation (GDPR)
- Experience working in a multi-cultural environment
- Ability to influence and work in a matrix organisation