Data Protection Officer

The Data Protection Officer is responsible for the organization's Data Protection and Privacy Program including but not limited to daily operations of the program, development, implementation, and maintenance of policies and procedures, monitoring operational compliance, investigation, and tracking of incidents and breaches.

Responsibilities:

• Builds a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected customer information, paper and/or electronic, across all media types. Ensures privacy forms, policies, standards, and procedures are up-to-date.
• Works with organization senior management, security, and corporate compliance officers to establish governance for the privacy program.
• Serves in a leadership role for privacy compliance
• Collaborate with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices, and investigations, and act as a liaison to the information systems department.
• Establishes, with the information security officer, an ongoing process to track, investigate and report inappropriate access and disclosure of protected customer information. Monitor patterns of inappropriate access and/or disclosure of protected customer information.
• Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation.
• Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
• Takes a lead role, to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
• Oversees develops and delivers initial and ongoing privacy training to the workforce.
• Participates in the development, implementation, and ongoing compliance monitoring of all business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
• Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
• Establishes and administers a process for investigating and acting on privacy and security complaints
• Performs required breach risk assessment, documentation, and mitigation. Works with Human Resources to ensure consistent application of sanctions for privacy violations
• Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
• Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
• Works with organization administration, legal counsel, and other related parties to represent the organization's information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
• Serves as an information privacy resource to the organization regarding the release of information and to all departments for all privacy-related issues.

Qualifications:

• Baccalaureate degree in information management
• Knowledge and experience in state and federal information privacy laws, including but not limited to HIPAA, GDPR, California Consumer Privacy Act
• Demonstrated organization, facilitation, written and oral communication, and presentation skills.

Additional Requirements:

• Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals
• Demonstrated skills in verbal communication and listening
• Demonstrated skills in providing excellent service to customers
• Excellent writing skills
• A high level of integrity and trust
• Extensive familiarity with relevant legislation and standards for the protection of customer information and customer privacy
• Operational, and or financial skills.

Philippines specific requirements:

You shall, among others:

• Monitor the PIC’s or PIP’s compliance with the DPA, its IRR, issuances by the NPC, and other applicable laws and policies. You may:
• Collect information to identify the processing operations, activities, measures, projects, programs, or systems of the PIC or PIP, and maintain a record thereof;
• Analyze and check the compliance of processing activities, including the issuance of security clearances to and compliance by third-party service providers;
• Inform, advise, and issue recommendations to the PIC or PIP; ascertain renewal of accreditations or certifications necessary to maintain the required standards in personal data processing; and advise the PIP or PIP as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;
• Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP; advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data);
• Ensure proper data breach and security incident management by the PIC or PIP, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;
• Inform and cultivate awareness on privacy and data protection within your organization, including all relevant laws, rules and regulations, and issuances of the NPC;
• Advocate for the development, review, and/or revision of policies, guidelines, projects, and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a privacy by design approach;
• Serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC, and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP;
• Cooperate, coordinate and seek the advice of the NPC regarding matters concerning data privacy and security; and
• Perform other duties and tasks that may be assigned by the PIC or PIP that will further the interest of data privacy and security and uphold the rights of the data subjects.
• Except for items (a) to (c), a COP shall perform all other functions of a DPO. Where appropriate, he or she shall also assist the supervising DPO in the performance of the latter’s functions.
• You must have due regard for the risks associated with the processing operations of the PIC or PIP, considering the nature, scope, context, and purposes of the processing. Accordingly, he or she must prioritize his or her activities and focus his or her efforts on issues that present higher data protection risks.

The position we are offering is a full-time, onsite role located at the Business Center, 18 Philexcel, Clark Freeport Zone, Pampanga.