Data Privacy Risk Officer - STAAI PO

About The Position

Requirements

• Educational development, typically acquired through the completion of an advanced university degree in risk management, IT, or related field study; or a bachelor’s degree in risk management, IT, or related field study supplemented by a minimum of six years of relevant professional experience is required.
• Alternatively, a minimum of two years of experience in a related position at Grade A8, or equivalent, is required.
• Practical experience with ROPA management, privacy notices, and governance or compliance tools (e.g., GRC/eGRC platforms, OneTrust, etc.).
• Experience developing content for privacy training or awareness materials and supporting organizational change initiatives.
• Solid knowledge of privacy laws, regulations, and industry best practices, with the ability to apply them in the context of international organizations.
• Strong analytical and quantitative skills, including development and interpretation of metrics, dashboards, and analyses using Power BI, advanced Excel.
• Ability to synthesize complex and sensitive issues and produce clear, well‑structured written materials and presentations for management and governance audiences.
• Demonstrated ability to engage effectively with stakeholders at different levels across multidisciplinary teams and contribute to IMF‑wide initiatives.
• Highly detail‑oriented and organized, with the ability to exercise sound judgment, prioritize competing demands, and manage multiple tasks independently and under pressure.

Nice To Haves

• At least one professional certification in data privacy preferred (e.g., IAPP certifications such as CIPP/E, CIPM, CIPP/US, AIGP, or equivalent).

Responsibilities

• Develop, maintain and update the organization’s Records of Processing Activities (ROPAs), ensuring the organization’s ROPA library is accurate, complete, and aligned with applicable internal requirements.
• Manage the privacy notice lifecycle, including drafting, reviewing, updating, publishing, and archiving all privacy notices.
• Support operational processes related to data subject rights requests (e.g., access, correction), including intake tracking, coordination with stakeholders, and metrics.
• Respond to routine privacy related inquiries from staff and escalate issues as needed.
• Support privacy-related change management by developing, maintaining and delivering practical training, awareness, and outreach materials that promote privacy awareness and privacy by design across the organization.
• Measure the effectiveness of change management and training initiatives through defined metrics and feedback mechanisms.
• Manage and evolve the Data Privacy Champions Network, including onboarding, enablement, coordination, and ongoing engagement of privacy champions across the organization
• Maintain and administer the DPO’s privacy management platform (e.g., ROPA, risk assessments and registries, issues, and actions).
• Ensure data quality, appropriate user access, and effective reporting functionality.
• Develop and maintain privacy reports, dashboards, and metrics for management, governance bodies, and audit purposes, including tracking key indicators related to compliance, operational maturity, and training uptake.