Data Protection Officer (GMG/SEG 2)

JOB PURPOSE

Under the general direction of the Regional Director the incumbent will be responsible for monitoring the Western Regional Health Authority’s (WRHA) data practices, ensuring that all functions carried out by the organization are in accordance with the provisions of the Data Protection Act (2020). Additionally, the Data Protection Officer will serve as a primary point of contact for supervisory authorities such as the Office of the Information Commissioner (OIC) and individuals whose data is processed by the organization. 

CORE RESPONSIBILITIES:

• Designs and implements a comprehensive Data Privacy Governance Framework and strategies to effectively manage the use of personal data in accordance with the provisions of the Data Protection Act 
• Establishes and maintains appropriate systems and internal control mechanisms that align with the prescribed standards of the Data Protection Act 
• Ensures that the WRHA and its operational processes pertaining to data processing adhere to the established data protection standards and regulations 
• Implements strategies to enhance operational processes and ensures processes are in compliance with regulatory requirements and good practice 
• Designs and implements Data Protection policies and procedures within the WRHA 
• Assists data subjects in the exercise of their rights under the Data Protection Act, in relation to the WRHA 
• Assists WRHA with the development of internal policies and procedures related to the processing of personal data 
• Makes recommendations for the appropriate organizational and technical measures to ensure the security of personal data 
• Reviews and updates the Data Protection Plan regularly to ensure it aligns with any changes in laws, regulations and policies 
• Maintains a robust system to address and respond to queries and complaints 
• Sensitizes and trains staff on the components of relevant Acts, Regulations and Policies related to data 
• Informs data controllers and data subjects about their rights, obligations and responsibilities regarding data protection 
• Provides advice and recommendations to staff and the Regional Director regarding the interpretation and application of data protection rules 
• Collaborates with the Information and Communication Technology (ICT) Unit to ensure compliance with the Data Protection Act in the WRHA’s ICT System 
• Collaborates with the Information and Communication Technology (ICT) Unit to manage data security incidents and ensures timely resolution of issues such as security breaches, complaints or subject access requests 
• Provides legislative advice and guidance to the Regional Director regarding any gaps identified from the outcome of the Data Protection and Privacy Impact Assessment 
• Liaises with the Office of the Information Commissioner (OIC) to address data protection matters and clarifies or resolves any doubts regarding the application of the act’s provisions 
• Collaborates with the Enterprise Risk Management Unit, Internal Audit Division, Legal Services Division and other key stakeholders to monitor, implement and analyze compliance programmes 
• Prepares and submits routine and special reports, as required 
• Attends and participates in meetings, seminars, workshops and conferences, as required
• Performs any other related duties that may be assigned periodically 

REQUIRED COMPETENCIES:

• Data Protection Law & Practices 
• Auditing Techniques and Practices 
• Risk Management Techniques and Strategies 
• GoJ policies, programmes and the machinery of Government 
• Research and data analysis techniques 
• Knowledge of Health Systems 
• Legislation relating to Health Service and the operations of the RHA 
• Excellent written and oral communication skills 
• Knowledge of Project Management 
• Knowledge of Change Management 
• Excellent skills in teamwork and cooperation 
• Excellent integrity/ethics exercised in the performance of duties 
• Excellent use of Information, Communication and Technology (ICT) 

QUALIFICATION & EXPERIENCE:

• Undergraduate Degree in Information Security, Law, Computer Science, Information Technology, Data Privacy, or a related field 

PLUS 

• At least one (1) International Association of Privacy Professionals (IAPP Certifications):
  • Certified Information Privacy Professional (CIPP) 
  • Certified Information Privacy Manager (CIPM) 
  • Certified Information Privacy Technologist (CIPT) 

OR 

• At least one (1) ISACA certification in governance and risk management:
  • Certified in Risk and Information Systems Control (CRISC) 
  • Certified in Governance of Enterprise IT (CGEIT 
  • Certified Information Security Manager (CISM) 
• A minimum of two (2) years of working experience in a related capacity 

ONLY SHORTLISTED APPLICANTS WILL BE CONTACTED