• Ensure implementation of internal documentation, policies, guidelines and instructions into function
• Conduct training and create awareness to help functions understand how to handle data and apply policies
• Assist in negotiations of Data Processing Agreements and be responsible for identifying high risk data processors in need of more in-depth due diligence procedure
• Develop and manage structures and processes to assist peers within the Privacy team.
• Support the Data Protection Officer in the development and implementation of the Data Protection strategy and objectives for the organization
• Monitor, report and where appropriate investigate data protection incidents
• Flag any complex privacy-related queries
• Work across the business to ensure compliance with Data Protection guidelines and legislation
• Lead a systematic cross-business functional analysis to determine a file system structure
• Identified file systems are to have the appropriate data protection governance and regular reviews
• Develop and monitor and report on meaningful data protection Key Performance Indicators

Skills: Data Protection Compliance, Policy Implementation, Training Development, Risk Assessment, Data Agreements, Incident Monitoring, Cross-Functional Collaboration, Performance Indicators

• Develop the IFCO Group's data protection organisation, processes and systems, with a focus on Europe and, in the medium term, on the whole world
• Support the organisation in creating and updating the register of processing activities
• Support the implementation of data protection impact assessments (PIA, Art. 35 GDPR)
• Check and monitor the data processing procedures within the framework of audits
• Identify the data protection risk
• Responsible for the prevention, detection, response, monitoring and notification of data protection breaches
• Develop the data protection know-how in the organisation
• Introduce concepts for department-specific training and raise awareness of data protection regulations in the departments
• Lead creation and coordination of communication plans for impactful changes to Data Protection technologies/processes or services with business and technology partners
• Create custom training classes/materials in support of Data Protection technologies/processes or services.
• Lead, design, develop and govern HNB enterprise wide policies, standards and procedures for Data Protection technology/services.

Skills: Data Protection Organization, Register Support, Impact Assessments, Audit Monitoring, Risk Identification, Breach Response, Training Development, Policy Governance

• Serve as a point of contact within the business on all matters of data privacy and compliance with the GDPR, and global data privacy regulations.
• Supports the creation and revision of data protection policies, SOPs, and guidelines in all ProPharma Group’s sites for adherence to current applicable data protection laws
• Responsible for reviewing and advising on DP related agreements and contracts created and/or managed by the Legal Department, to ensure adherence to current applicable data protection laws
• Responsible for conducting Data Protection Impact Assessments (DPIAs) on all applicable changes identified.
• Supports the delivery of all training to employees across the business on Data Protection requirements.
• Build and maintain effective relationships with key stakeholders, particularly with those in the Legal, IT, HR, Quality and Client Services Departments. 
• Act as a point of contact for inquiries from internal key stakeholders providing them with appropriate guidance and advice
• Liaising with ProPharma Group’s Legal Team and external lawyers 
• Ensure that the Company’s IT systems and procedures comply with all relevant data privacy and protection law, regulations, and policies (including in relation to the retention and destruction of data).
• Act as a point of contact and SME for inquiries from external clients and sub-contractors on DP, discussing compliance with clients and their legal representation
• Responsible for maintaining an awareness of all applicable data protection legislation for key markets globally, including but not limited to GDPR and HIPAA.

Skills: Data Privacy Compliance, Policy Development, Agreement Review, Impact Assessments, Employee Training, Stakeholder Engagement, IT Compliance, Legislative Awareness

• Responsible for the implementation of data protection related regulatory requirements including but not limited to PIPL, Cyber Security Law and Data Security law
• Responsible for steering all data protection or related queries and requirements, including liaison with Group Data Protection Officer and Information Security Officer, external counsel
• Negotiate contracts with potential third-party certification agency and/or suppliers
• Review, draft and update appropriate external and customer documentation, agreements and contracts, within the terms of all in-scope group policies and internal local policies
• Responsible for managing and executing effective data protection and information security policies and periodically reviewing and updating data compliance policies
• Ensure that any legislative changes to data protection are communicated to the relevant audience.
• Leads and/or supports the investigation of any DP related deviations, including data leaks or data breaches, providing advice to internal stakeholders on responses to clients or employees.
• Responsible for responses to any Data Subject Access Requests (DSARs).
• Working with designated privacy law attorneys where necessary to help advise on local data privacy law issues.
• Reviewing, advising, and monitoring complex contracts and obligations
• Develop policies on data protection and procedures
• Respond to queries on data protection organisation wide

Skills: Regulatory Implementation, Data Protection Liaison, Contract Negotiation, Documentation Review, Policy Management, Legislative Communication, Investigation Support, Data Access Requests

• Identifying, prioritizing and protecting sensitive or high value business assets
• Collaborating with product teams (e.g., engineering, security, operations) to define compliance needs and roadmaps in a multi-product environment
• Managing privacy and security governance policy framework 
• Supporting a continuous improvement culture through establishing, monitoring, and reporting on policy governance metric targets
• Providing policy liaison support, including communication and interpretation of policy requirements
• Preparing product teams for independent third-party assessments against regulatory and compliance frameworks
• Partnering with external auditors to conduct compliance risk assessments
• Providing continuous compliance monitoring and reporting of controls and defining metrics to track compliance adherence
• Conducting security risk assessments and supporting formulation of corrective action plans.
• Communicating in an organized and knowledgeable manner in written and verbal formats, e.g. delivering clear requests for information and communicating potential conflicts
• Creating high-quality deliverables using appropriate business and technical language
• Collaborating with business and product teams, identifying and addressing business needs through building relationships, understanding the products and delivering clear requests for information and proposed solutions.

Skills: Asset Protection, Compliance Collaboration, Policy Management, Continuous Improvement, Policy Liaison, Risk Assessments, Compliance Monitoring, Effective Communication

• Working in privacy, regulatory compliance, ethics & compliance, internal audit, risk management, or similar field.
• Expertise and/or working knowledge of a specific regulatory area (e.g. privacy, ESG, anti-corruption, ethics, anti-money laundering, etc.).
• Experience in program, project, and/or product management at consulting firms or tech, media or entertainment companies.
• Strong knowledge of project planning and management methods and tools, including scoping, contracting, budgeting, staffing, etc.
• Professional certification such as CCEP, CIPM, CIPP, CIA, PMP or CAMS.
• Ability to maintain discretion and confidentiality, while staying focused in a pressured environment, working independently and within a team
• Ability to prioritise and coordinate workloads, to meet deadlines
• Receptive to feedback and demonstrates flexibility, curiosity, and an ability to learn
• Self-starter and prefer to work through ambiguous problems with an end goal in mind, using initiative to get there. 
  

Qualifications: BA in Legal Studies with 6 years of Experience

• IAPP or other officially recognized privacy certification.
• Experience designing and running international data protection programs.
• Detailed working knowledge of data protection requirements.
• Deep understanding of systems, data and processes.
• Capable and enthusiastic about developing, leading and promoting a culture of data privacy
• A proven ability to influence senior decision makers
• Ability to communicate effectively with data subjects, data protection authorities and other controllers and processors across national boundaries and cultures.
• Excellent organisational and administrative experience. 
  

Qualifications: BA in Public Policy with 3 years of Experience

• Experience in a regulatory compliance, risk compliance or legal advice role
• Experience in successful development, implementation and continuous improvement of risk management strategies, policies and frameworks across an organisation.
• Excellent communication skills and strong attention to detail.
• Self-starter attitude with a strong eagerness to drive the group's data protection agenda.
• Results oriented, proactive, responsible, pragmatic person with a passion for privacy and interest in technology
• Experience in privacy, security, or compliance disciplines
• Familiarity with control frameworks and regulatory/compliance requirements such as ISO27001, HIPAA, FISMA/FedRamp, EU Data Protection Directive, etc.
• Understanding of enterprise compliance governance and oversight processes (information security standards, laws and regulations, privacy and security, risk management, control protocols, methodologies, and practices)
• Ability to tailor communications based on audience
• Strong project management abilities, driving projects and deliverables, and measuring results

Qualifications: BA in Communication Studies with 5 years of Experience

• Working knowledge of global data protection legislation and privacy.
• Professional qualifications in information security or cyber security risk management and/or information security auditing, such as the CISSP, CAP or CDPSE from ISC2 or CISA from ISACA certification bodies.
• Deep understanding of information technologies and data privacy and security, particularly in relation to healthcare and life sciences industries.
• Familiarity with OneTrust Privacy Management Software 
• Experience with documenting, analyzing and improving business processes.
• Ability to build strong relationships with influencing skills to get things accomplished
• Ability to work with a range of business stakeholders to understand their business goals, their needs and ensure their activities are in line with policies and standards.
• Excellent project management skills and ability to drive actions to conclusion
• Ability to exercise excellent judgment and discretion in carrying out activities
• Excellent written and oral communication skills with a strong ability to manage internal and external stakeholder relationships.
• Attention to detail, accuracy, and strong organizational skills.

Qualifications: BA in Business Administration with 4 years of Experience

• Knowledge of basic information security standards, principles and practices
• Ability to assess risk and translate it to business relevant considerations and facts
• Ability to learn and apply new concepts quickly
• Proven analytical and problem solving ability
• Must be trustworthy in keeping sensitive data confidential
• Ability to learn and apply new concepts quickly
• Capacity to juggle multiple tasks in a fast-paced environment.
• Ability to work collaboratively with team members across multiple cultures across the world and maintain a positive working environment.
• Ability to work independently and autonomously as well as in cross-functional groups.
• Proven experience and knowledge of data protection compliance.
• Expert knowledge of the GDPR, Data Protection Act 2018, PECR and relevant legislation, regulation and guidance including that of the ICO.
• Experience working within the charitable or third sector 
• Experience in engaging with regulators or government bodies

Qualifications: BS in Information Technology with 3 years of Experience