Group Legal Counsel, Corporate Secretary & Data Protection Officer

The Group Legal Counsel, Corporate Secretary & Data Protection Officer (DPO) is a senior executive role responsible for providing comprehensive legal advisory services, corporate governance oversight, and institution-wide leadership for data protection and privacy compliance.

The University of the Commonwealth Caribbean invites applications from suitably qualified and experienced persons to fill the position of: 

Group Legal Counsel, Corporate Secretary & Data Protection Officer

JOB SUMMARY:

The Group Legal Counsel, Corporate Secretary & Data Protection Officer (DPO) is a senior executive role responsible for providing comprehensive legal advisory services, corporate governance oversight, and institution-wide leadership for data protection and privacy compliance across the UCC Group and its subsidiaries.

The incumbent ensures full compliance with all applicable laws and regulations, including but not limited to the Data Protection Act, Cyber Crime Act, corporate, commercial, employment, and regulatory requirements. The role safeguards the legal, reputational, and data integrity interests of the University while supporting strategic decision-making, operational efficiency, and institutional accountability.

KEY RESPONSIBILITIES AND ACCOUNTABILITIES:

A. LEGAL ADVISORY & REPRESENTATION

Provide a full range of legal support and advisory services to the UCC Group and its subsidiaries. Initiate, manage, and oversee legal proceedings, including preparation of pleadings, briefs, submissions, and defenses. Prepare and review contracts, MOUs, notices, memoranda, circulars, correspondence, and legal instruments. Review procurement, maintenance, partnership, grant, and international collaboration contracts for compliance with University and Government of Jamaica requirements. Provide ongoing advice on statutory and regulatory compliance affecting institutional operations. Conduct legal research and advise executive leadership on legal risk, policy implications, and regulatory developments. Support dispute resolution, negotiations, and settlements where required. See addendum with Terms of Reference pg4

B. CORPORATE GOVERNANCE & SECRETARIAT FUNCTIONS

Serve as Corporate Secretary to the UCC Group and its subsidiaries. Ensure compliance with corporate governance frameworks, statutory filings, and board requirements. Prepare, review, and maintain official governance documents, including minutes of Council, Board, and Committee meetings. Support policy development, review, and amendment across the institution. Ensure institutional records and official documents are compliant, complete, and properly archived.

C. DATA PROTECTION & PRIVACY OVERSIGHT (DATA PROTECTION OFFICER FUNCTIONS)

Act as the designated Data Protection Officer for the UCC Group. Ensure institutional compliance with the Data Protection Act, Cyber Crime Act, and all applicable data privacy regulations and standards. Maintain the University’s Data Protection Governance Framework, policies, and action plans with periodic reviews in accordance with the UCC strategic objectives and with legal requirements. Advise the Group Executive Chairman, President, executive leadership and management team on data protection obligations, risks, and compliance strategies. Serve as the primary liaison with the Office of the Information Commissioner and other regulatory authorities. Conduct and oversee Data Protection Impact Assessments (DPIAs) for new projects, systems, and initiatives. Monitor and manage day-to-day data protection compliance across all campuses and departments. Investigate and manage data breaches, incidents, and remediation actions. Create a committee and collaborate with Human Resource, IT, Registry, Marketing & Communications, and other departments on secure data handling practices to enforce standards for document production, archiving, and digitization, including governance and academic records schedules in accordance with legal and regulatory requirements.

D. TRAINING, AWARENESS & MONITORING

Design and deliver data protection, privacy, and legal compliance training for staff, students, and stakeholders as necessary. Promote a culture of compliance, accountability, and ethical data handling across the institution. Conduct periodic legal and data privacy audits and compliance reviews. Prepare reports and provide updates to executive leadership and governing bodies on legal and data protection matters.

QUALIFICATIONS & EXPERIENCE

• Bachelor of Laws (LL.B.) and Certificate of Legal Education (CLE).
• Master’s degree in law, Information Security, Compliance, Audit, or related field is an asset. 
• Minimum of five (5) years’ experience as a practicing attorney in corporate, commercial, Business/Contract and Tort, Conveyancing Law and regulatory law.
• Minimum of three (3) years’ experience in data protection, compliance, records management, or information governance.
• Data Protection or Privacy certification (e.g., CIPP, CIPM, CIPT) is highly desirable.

CORE COMPETENCIES

• High ethical standards, integrity, and professional judgment.
• Strong knowledge of corporate governance, regulatory compliance, and data protection law.
• Excellent analytical, research, negotiation, and problem-solving skills.
• Good knowledge of commercial, business and contract law principles, and commercial practices. 
• Working experience in conveyancing law and practice. 
• Knowledge of civil and criminal law procedures. 
• Strong judgment, negotiating, and problem-solving skills 
• Keen appreciation for corporate management, investment, regulatory and development processes. 
• Excellent legal research and analytical skills. 
• Exceptional oral and written communications skills. 
• The ability to work effectively with, and command the confidence and respect of, internal and external stakeholders. 
• Exceptional written and oral communication skills.
• Ability to manage sensitive and confidential information.
• Strong organizational, leadership, and stakeholder management capabilities.

Only shortlisted candidates will be contacted.