- Ensure ongoing compliance with the organization's policies and procedures, legal, regulatory, and contractual requirements
- Ensures the ongoing integration of security and data protection with business strategies and privacy requirements
- Works closely with operational and support units for ongoing optimal application of technology functionality to protect PHI, including the identity management program
- Discover data sets and review data sources to identify any gaps in coverage that require additional data collection efforts
- Responsible for implementing, managing, and enforcing information security derivatives within regulatory mandates to protect PHI and PII
- Conducts privacy impact analysis to assess the probability of risks occurring and the impact on the organization
- Develop and implement data security policies to protect sensitive data from unauthorized access or use
- Establishing data standards for the organization's database environment, including defining fields and creating rules for data entry and retrieval
- Reviewing use of data by organization departments to ensure compliance with privacy laws and regulations
- Creating reports on data trends across departments within the organization to help identify opportunities for improvement or changes in strategy
- Collaborating with business managers to ensure that data quality is maintained over time
- Developing policies on acceptable methods for reporting results and presenting findings to stakeholders
- Working with IT staff to maintain databases by adding new data or updating existing data sets
- Identify critical privacy risks and recommend corrective steps to address the risks
- Evaluate the existing data protection framework to identify areas of no or partial compliance and rectify any issues
- Promote a culture of data protection and compliance across all units of the organization
- Implementing measures and a privacy governance framework to manage data use in compliance with the local privacy laws, including developing templates for data collection, assisting with data mapping, and vendor management reviews
- Working with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments

Experience/Qualifications:
- Bachelor's degree in computer science or similar, plus substantial continued education and training in the field
- 15+ years of experience in data privacy, protection compliance or related field and expertise in international and local cybersecurity laws and frameworks, data protection and privacy laws, and practices
- Must have knowledge of cloud environments, preferably Azure
- Preferred to hold CIPP and CDPSE, or other equivalent certification
- Strong understanding of key compliance, security and framework models and standards such as ISO 2700X, 27701, 27018, NIST, CIS benchmarks, etc.
- Preferably has worked in the health care sector; advanced Microsoft Office product expertise.
- Technical knowledge of any unified data governance solution, preferably Microsoft Purview
- Technical knowledge and hands-on experience in data protection, data privacy and data discovery tools