- Ensure ongoing compliance with the organizations policies and procedures, legal,
regulatory, and contractual requirements - Ensures the ongoing integration of security and data protection with business
strategies and privacy requirements - Works closely with operational and support units for ongoing optimal application
of technology functionality to protect PHI, including the identity management
program - Discover data sets and reviewing data sources to identify any gaps in coverage that
require additional data collection efforts - Responsible for implementing, managing, and enforcing information security
derivatives within regulatory mandates to protect PHI and PII - Conducts privacy impact analysis to assess the probability of risks occurring and
the impact on the organization - Developing and implementing data security policies to protect sensitive data from
unauthorized access or use - Establishing data standards for organization’s database environment, including
defining fields and creating rules for data entry and retrieval - Reviewing use of data by organization departments to ensure compliance with
privacy laws and regulations. - Creating reports on data trends across departments within the organization to
help identify opportunities for improvement or changes in strategy - Collaborating with business managers to ensure that data quality is maintained
over time - Manage policies on acceptable methods for reporting results and presenting
findings to stakeholders - Working with IT staff to maintain databases by adding new data or updating
existing data sets - Manage a database management plan for large scale data analysis projects
- Performs related duties as assigned by supervisor
- Monitor and ensure DLP compliance and follow-up with the stakeholders
- Identify critical privacy risks and recommend corrective steps to address the risks
- Provide expert advice and educate employees on important data compliance
requirements - Evaluate the existing data protection framework to identify areas of no or partial
compliance and rectify any issues - Devise training plans and provide data protection advice to staff members
- Inform and advise the data controller or data processor on all matters related to
data protection - Promote a culture of data protection and compliance across all units of the
organization - Implementing measures and a privacy governance framework to manage data use
in compliance with the local privacy laws including developing templates for data
collection, assisting with data mapping, and vendor management reviews - Working with key internal stakeholders in the review of projects and related data
to ensure compliance with local data privacy laws, and where necessary, complete
and advise on privacy impact assessments - Managing and conducting ongoing reviews of organizations privacy governance
framework - Monitoring changes to local privacy laws and making recommendations to the
Data Privacy / Information Governance program - Developing and delivering privacy training to various business functions
- Conduct data privacy audits
- Collaborating with the Information Security function(s) to raise employee
awareness of data privacy and security issues and providing training on the subject
matter
Experience/Qualifications:
- Bachelor’s degree in computer science or Similar, plus substantial continued
education and training in the field - 8-12 years of experience in data privacy, protection compliance or related field and
expertise in international and local cybersecurity laws and frameworks, data
protection and privacy laws, and practices - Must have knowledge of cloud environment preferably Azure
- Preferred to hold CIPP and CDPSE, or other equivalent certification
- Strong understanding of key Compliance, security and framework models and
standards such as ISO 2700X, 27701, 27018, NIST, CIS benchmarks etc. - Preferable have worked in Health Care Sector, Advanced Microsoft Office product
expertise. - Technical knowledge in any unified data governance solution preferably Microsoft
Purview - Technical knowledge and hands on experience in data protection, data privacy and
data discovery tools
