Senior IT Lawyer

Spektrum supports apex purchasers (NATO, UN, EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Background:

eu-LISA is the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) manages large-scale IT systems to support the implementation of asylum, border management and migration policies in the European Union (EU). The Agency is also a front-runner for the digitalisation efforts of the EU's Justice and Home Affairs domain, building a new information architecture and contributing to the development of a new security ecosystem. Since the Agency's beginnings in 2012, eu-LISA has become the digital engine of the Schengen Area. With its activities and tasks, the Agency adds value to the EU Member States by supporting their efforts towards justice, security and freedom.

Role Duties and Responsibilities

• Legal advice and legal assistance in any area associated with the procurement, provision, delivery, maintenance, or effective use of information systems and their environments and IPR

Tasks in more detail:

• Implementing personal data management aspects in a complex IT environment;
• Ensure privacy by design and by default solutions for the large scale IT systems;
• Assist and/or perform records, compliance checks, risk screening, threshold and data protection impact assessments (DPIA);
• Assist in developing and maintaining DPIA methodology;
• Assist in providing training on DPIA methodology;
• Assist in handling data breaches in particular within the large scale IT systems from detection, response and final report;
• Assist in drafting data protection policies and procedures;
• Identify gaps and contribute to the development of project plans to close the gaps and meet data protection requirements set forth by applicable regulation applicable to the large scale IT systems and data protection Regulation (EU) 2018/1725.

Essential Skills and Experience

• Minimum 9 years of experience in IT law.
• Knowledge and proven skills regarding contract management and large-scale IT system projects;
• Good knowledge in Data Protection matters, including Privacy by Design;
• Good knowledge in Intellectual Property Rights
• Proven experience of at least 8 years as a Data Protection Practitioner;
• Proven experience of at least 8 years in implementing personal data management aspects in a complex IT environment;
• 6 year proven experience in conducting comprehensive Data Protection Impact Assessments (DPIA) in line with Article 35 of the Regulation 2016/679 (GDPR) or Article 39 of the Regulation (EU) 2018/1725 (EU DPR) - as a separate document produced independently from other documentation such as Security Risk Assessments, risk screening or threshold assessments ;
• 6 year proven experience in implementing privacy enhancing technologies;
• 3 year proven experience in handling data breaches, in particular within the large scale IT systems, in compliance with the applicable data protection regulations including assessment and mitigation measures to reduce the impact on data subjects.

Education

• University degree in law
• Degree or equivalent experience demonstrating focus on privacy engineering is particularly applicable.

Certifications

• Specific certification on how to carry out Data Protection Impact Assessments (DPIAs) – including, at least, 40 hours course and exam – is an asset and considered an advantage.
• Basic Privacy/Data Protection certification such as Certified Information Privacy Professional/Manager (CIPP/E or CIPM), EIPA – Data Protection Certification, University of Maastricht - Data Protection Certification, Practitioner Certificate in Data Protection from PDP Training (UK) - including ‘Conducting Data Protection Impact Assessments’ in the certification programme, any other equivalent certification in data protection and/or conducting data protection impact assessments officially recognised by any EU/EEA National Data Protection Authorities.

Working Location

• Strasbourg, France

Working Policy

• On Site

Travel

• Some travel to other NATO sites may be required

Contract Duration

• Jan 2024 – Dec 2024

Security Clearance

• Valid EU Confidential clearance