Data Protection Officer (GMG/SEG 2)

We invite all suitably qualified candidates to apply for the post of Data Protection Officer (GMG/SEG2) Salary Range: $4,266,270- $5,737,658 per annum

Job Purpose

The incumbent under the general supervision of the Chief Executive Officer (CEO), the Data Protection Officer (DPO) is to advise about protection and provide guidance to the Jamaica Special Economic Zone Authority (JSEZA)on a range of privacy, data and technology related regulatory and compliance matters. The DPO will support the success of the Authority through assisting with the introduction and the implementation of its privacy programme. Both legal knowledge and technical fluency are highly desired as this role will work closely with staff across all areas of the portfolio.

Strategic Focus

• The primary objective of the Executive Office is to provide visionary leadership to enable the Authority to improve its operations, build on the organization’s standard for excellence and provide strategic direction while embracing opportunities for new initiatives to accomplish the Authority’s business goals and strategic objectives. The Executive Office has responsibility for the overall management and operation of all aspects of the Authority.
• To effectively manage the Unit
• To determine and provide resources needed for the establishment, implementation, maintenance, and continual improvement of the quality management system.

Qualifications & Experience

• Bachelor of Law Degree, Compliance, IT Security, Audit or similar background.
• Minimum three (2) years’ experience in law, audit and/or risk management, compliance or equivalent experience.
• Demonstrable experience, knowledge and/or in-depth understanding of data privacy legislation (GDPR).
• Experience or specialized training in records and information management systems.
• At least one Data Protection and/or Privacy certification such as CIPP, CIPT, ISEB, etc. (preferred).

Job Specific Skills

• ICT literacy and excellent knowledge of Microsoft Office suite especially Microsoft Project.
• Excellent Facilitation Skills
• Previous experience in event management would be an asset
• Excellent command of written and spoken English
• Knowledge of computer office applications.
• Training in negotiating skills

Job Duties & Responsibilities

• Ensures that the Authority processes personal data in compliance with the data protection standards and in compliance with the Act and good practice.
• Provides overall management for the research, development and implementation of Data Protection policies and procedures for the Authority.
• Researches, designs and implements Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines. Including the use of data protection tools/systems such as data mapping software or breach notification platforms.
• Consults with the OIC to resolve any doubt about how the provisions of the Act and any regulations made under it are to be applied.
• Ensures that any contravention of the data protection standards or any provisions of the Act by the Authority is dealt with.
• Coordinates the efforts of the Authority in the implementation of essential elements of the applicable data protection regulation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches.
• Manages systems that ensure appropriate assignment of responsibilities in relation to the management of data and information and the processing and protection of personal data.
• Provides strategic legal and regulatory guidance to senior management and other divisions on privacy and data protection issues, laws and trends.
• Performs or oversees initial and periodic privacy impact assessment, risk analyses, mitigation and remediation.
• Ensures that data controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raises awareness about them.
• Oversees the maintenance of records required to demonstrate data protection compliance.
• Supports a programme of awareness-raising and training to deliver compliance and to foster a data privacy culture.
• Gives advice and recommendations to the Authority about the interpretation of application of the data protection rules.
• Handles queries or complaints on request by the Authority, the data controller, or other person(s), or on their own initiative.
• Cooperates with the OIC (responding to requests about investigations, complaint handling, inspections conducted by the OIC, etc.).
• Draws the organization’s attention to any failure to comply with the applicable data protection rules and Policy.
• Supports the data incident response and data breach notification procedures.
• Prepares and submits routine and special reports, as required.
• Provides expert advice and educates employees on important compliance requirements.
• Drafts new and amends existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
• Delivers training across all Divisions and Units to staff members who are involved in data handling or processing.
• Participates in meetings, seminars, workshops and conferences as required
• Performs any other related duties that may be assigned from time to time.

Control of Documented Information

• Maintain documented information required by the International Standard to support the Authority’s Quality Management System.
• Ensure documented information are available and suitable for use and is adequately protected.
• Committing to continual improvement and updating of the Quality Management Systems Policy
• Communicates the Quality Management Systems Policy and ensuring it is maintained as documented information, understood and applied within the Authority, whilst enabling its availability to relevant interested parties, as deemed appropriate.
• Ensuring the promotion of customer focus throughout the organization aligned with the Authority’s Quality Management Systems Policy.

Applications accompanied by résumés should be submitted no later than Friday, 13th June 2025 to:

Director Human Resource Development and Management

Special Economic Zone Authority

13 Waterloo Road

Kingston 10

Please note that only shortlisted applicants will be contacted.