Senior Privacy Officer

Senior Privacy Officer

Applications are invited from suitably qualified professionals to resource the role of Senior Privacy Officer, Corporate Risk Managment Department.  Reporting to the Chief Risk Officer, Corporate Risk Management Department, the successful candidate will be responsible for:

1. Working with all departments and committees to ensure that BOJ implements and maintains appropriate privacy and consent mechanisms, information notices and other materials reflecting BOJ’s stance on data protection.
2. Networking and building relationships with data protection and information security officers outside the BOJ to gain insight into prevailing ‘good practice’.
3. Supporting the Chief Privacy Officer, in maintaining contact with the Office of the Information Commission and any other data protection authority.
4. Maintaining the record of all data processing activities across the Bank and conduct appropriate audit/reviews and report on compliance. 
5. Delivering training across all business units to staff members who are involved in data handling or processing.
6. Developing guidelines to support effective vetting and auditing of third-party vendors for compliance with the privacy policies and work closely with the Legal Department in monitoring the data protection impact of third party/business partner contracts;
7. Reviewing system-related information security plans to ensure alignment between security and data privacy practices.
8. Acting, as required, to address complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal department.
9. Monitoring changes to local privacy laws and keep abreast of any regulatory or other changes relating to data protection that may affect the BOJ and as necessary:
   • • Inform management so that necessary action may be taken
     • Amend and/or implement new policies, procedures and processes.
     • Train staff
10. In consultant with key stakeholders, develop and maintain the Banks’s privacy policies and procedures.
11. Providing expert advice and education on important data compliance requirements and data subject access rights.
12. Supporting the development of strategic/operational plans for the collection, use and sharing of information and the implementation of tools and methodologies to ensure on-going compliance with applicable privacy obligations.
13. Working with business units across the Bank to ensure awareness of “best practices” on data privacy including developing data protection training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations and promote a sound data privacy and protection culture within the Bank.
14. Preparing reports about the acceptability of data protection risks and in coordination with the organization’s other compliance and operational risk assessment functions, identifying mitigating safeguards against residual high risks and making recommendations for implementation by impacted business units.
15. Conducting Data Protection Impact Assessments (DPIA) on any high-risk processing projects and data processing activities that involve the processing of personal data. 

Qualifications and Experience

• A Bachelor of Laws or a Bachelor Degree in Information Security, Information Technology, Computer science or any other related field;
• Five years’ experience in data privacy, information security, legal, audit, risk management or privacy risk management function; and
• At least one data protection and/or privacy certification such as Certified Information Privacy Manager (CIPM) or Certified Information Privacy Professional (CIPP).

Key Functional and Behavioral Competencies

• Strong knowledge of local data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• Sufficient knowledge of information technology and data management best practices.
• Familiarity with the IT infrastructure and cloud-based technologies used to store or personal data.
• Well-developed and professional interpersonal skills.
• Ability to interact effectively with people at all organisational levels.
• Ability to work unsupervised, exercise leadership, and influence change.
• Excellent writing and presentation skills.
• Strong project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
• Ability to handle confidential and sensitive information with the appropriate discretion.
• Keen eye for detail, with clarity in understanding of data protection requirements and ability to influence others to foster a culture of data protection;
• Ability to communicate effectively (both orally and written).

Interested persons who meet the above requirements should complete the application form with cover letter and full resume no later than  Tuesday, 29 August 2023.