Data Protection Officer

Organisation
Firearm Licensing Authority
Reference
VAC-63243
Contract Type
Full-Time
Industries
Information & Communication Technology
Location
Kingston
Salary & Benefits
$4,266,270 - $5,737,658 per annum
Date Posted
03/07/2026
Expiry Date
24/07/2026
The incumbent advises the Firearm Licensing Authority on data protection and privacy compliance, oversees regulatory obligations and impact assessments, and supports the implementation of privacy programs through expert legal and technical guidance.

 

JOB PURPOSE

Under the general direction of the Chief Executive Officer, the incumbent is required to:

  • Advise and provide guidance to the Firearm Licensing Authority (FLA) on a range of privacy, data protection and technology related regulatory and compliance matters.
  • Monitor internal compliance, inform and advise the FLA on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Office of the Information Commissioner.
  • Support the success of the FLA through assisting with the introduction and the implementation of its privacy programme. Both legal knowledge and technical fluency are highly desired as this role will work closely with staff across all areas of the portfolio.

 

KEY OUTPUTS

  • The FLA's Data Protection Policy and Guidelines are implemented and adhered to throughout the organisation.
  • Staff informed and educated on their data protection obligations and correct data use and compliance.
  • Data compliance audits conducted.
  • Mechanisms implemented to monitor FLA’s ongoing ability to remain data compliant.
  • Liaison between the FLA and Office of the Information Commissioner (OIC) maintained.
  • Records of data processing activities maintained.
  • Records are managed based on data protection standards.
  • Breaches of the Data Protection Act are addressed.
  • Queries handled.
  • Reports submitted.

 

KEY AREAS OF RESPONSIBILITY

  • Ensures that the FLA processes personal data in compliance with the data protection standards and in compliance with the Act and good practice.
  • Provides overall management for the research, development, and implementation of Data Protection policies and procedures for the Authority.
  • Research, designs, and implements Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines
  • Consults with the OIC to resolve any doubt about how the provisions of the Act and any regulations made under it are to be applied.
  • Ensure that any contravention of the data protection standards or any provisions of the Act by the FLA is dealt with.
  • Co-ordinates the efforts of the FLA in the implementation of essential elements of the applicable data protection regulation, such as the principles of data processing, data subjects' rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches.
  • Manages systems that ensure appropriate assignment of responsibilities in relation to the management of data and information and the processing and protection of personal data.
  • Provides strategic legal and regulatory guidance to senior management, departments and regional offices on privacy and data protection issues, law and trends.
  • Performs or oversees initial and periodic privacy impact assessment, risk analyses, mitigation and remediation.
  • Ensures that data controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raises awareness about them.
  • Oversee the maintenance of records required to demonstrate data protection compliance.
  • Supports a programme of awareness-raising and training to deliver compliance and to foster a data privacy culture.
  • Gives advice and recommendations to the FLA about the interpretation or application of the data protection rules.
  • Handles queries or complaints on request by the FLA, the data controller, other person(s), or on their own initiative.
  • Cooperates with the OIC (responding to requests about investigations, complaint handling, inspections conducted by the OIC, etc.).
  • Draws the organisation's attention to any failure to comply with the applicable data protection rules and Policy.
  • Supports the data incident response and data breach notification procedures.
  • Prepares and submits routine and special reports, as required.
  • Providesexpert advice and educates employees on important data compliance requirements.
  • Drafts new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
  • Delivers training across the Authority to staff members who are involved in data handling or processing.
  • Participates in meetings, seminars, workshops and conferences as required.
  • Performs any other related duties that may be assigned from time to time.

 

PERFORMANCE STANDARDS

  • Sound and timely advice provided.
  • Queries/information requests processed in agreed standards and timeframes.
  • Records of all data processing activities are maintained in accordance with established standards.
  • The extent to which confidentiality, integrity and sensitivity are displayed in the execution of duties.
  • The Authority's Data Protection Policy is implemented and adhered to throughout the organisation.
  • Guidelines and Policy for all members of staff are created and adhered to.
  • Staff are educated and informed of their data protection obligations and correct data use and compliance in the required timeline.
  • Legislative advice on all matters relating to the Data Protection and privacy provided is grounded in legal research and delivered in a timely manner.
  • Data compliance audits are conducted regularly to maximize data safety, ensure compliance, and address potential issues.
  • Mechanisms to ensure that the FLA remains data compliant are implemented monitored consistently.
  • The FLA's monitoring, evaluation and reporting framework is well supported.
  • Cabinet Submissions, policy recommendations and briefs or position papers on technical matters are appropriately prepared and submitted within the required timeframe;
  • Reports are comprehensive, accurate and submitted within the required timeframe.
  • Systems and standards are developed in a timely manner and adequate controls and tracking systems are in place to monitor their effectiveness;
  • Operational policies and procedures are documented, kept current and accessible to all who are required to be apprised;
  • Confidentiality, integrity, and professionalism displayed in the delivery of duties and interaction with staff.
  • Mutual respect is always displayed in the work environment.

 

REQUIRED COMPETENCIES

  • Oral communication
  • Written communication
  • Planning and Organizing Skills
  • Good Judgement and Decision-Making Skills
  • Customer and Quality-focused skills
  • Analytical and problem-solving skills
  • Compliance
  • Integrity
  • Adaptability
  • Initiative
  • Knowledge of modern business practices and office procedures
  • Understanding of research methods and techniques
  • Proficiency in the use of computer applications
  • Knowledge and understanding of the Data Protection Act
  • Experience in managing data incidences and breaches
  • Knowledge of cybersecurity risks and information security standards

Technical Competencies:

The successful candidate should be able to:

  • Manage the complete data lifecycle, including data provisioning, processing, storage, transmission, archival, and secure disposal.
  • Apply data governance, data quality, and data stewardship principles to ensure the integrity and reliability of organisational data.
  • Implement and manage data security controls, including encryption, authentication, and access management.
  • Monitor, identify, and respond to data security threats, vulnerabilities, and incidents throughout the data lifecycle.
  • Conduct IT security audits, risk assessments, and compliance reviews related to data protection and information security.
  • Utilise cyber security and digital forensics tools and techniques to support investigations and incident response.
  • Develop, implement, and maintain data management and information security policies, standards, and procedures in accordance with applicable laws, regulations, and industry best practices.
  • Analyse and interpret data using appropriate analytical, reporting, and compliance audit tools to support informed decision-making and regulatory compliance.
  • Demonstrate knowledge of relevant data protection, privacy, and information security legislation, standards, and regulatory frameworks.
  • Prepare technical reports, risk assessments, and compliance documentation with a high level of accuracy and professionalism.

Core Competencies:

The successful candidate should demonstrate the ability to:

  • Lead and conduct Privacy Impact Assessments (PIAs) to identify and address privacy risks associated with projects, systems, and business processes.
  • Develop, implement, and manage access control protocols to ensure appropriate access to information and systems.
  • Identify, assess, and mitigate privacy and data protection risks through effective risk management strategies and controls.
  • Collaborate effectively with senior IT and business leaders to embed privacy and data protection requirements into organisational initiatives and operations.
  • Provide expert guidance on the technical, legal, and regulatory requirements relating to data protection, privacy, and information security.
  • Interpret and apply relevant data protection legislation, regulations, standards, and best practices to support organisational compliance.
  • Develop and recommend practical privacy solutions that balance regulatory compliance with business objectives.
  • Prepare reports, recommendations, and compliance documentation to support decision-making and regulatory requirements.

 

MINIMUM REQUIRED QUALIFICATION AND EXPERIENCE

  • Bachelor of Law Degree Compliance, IT Security, Audit or similar background;
  • Minimum three (3) years' experience in law, audit and/or risk management, compliance, or equivalent experience.
  • Demonstrable experience, knowledge and/or in-depth understanding of data privacy legislation in particular General Data Protection Regulation (GDPR).
  • Experience or specialized training in records and information management systems.
  • At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., (preferred).

 

ALL APPLICANTS WILL BE REQUIRED TO PASS A SECURITY BACKGROUND CHECK.

PLEASE NOTE THAT ONLY SHORTLISTED CANDIDATES WILL BE CONTACTED

  • Register and Apply
    Log In and Apply

    Please fill in the form, upload your CV to complete your application. You will also register during this process to enable you to log in track your application and setup Job Alerts.

    By submitting this form you agree to our terms of use
    Register & Apply

    You may also be interested in...

    Asst IT Officer - Cruise Ship
    Posted Today Posted by Princess Cruises
    The incumbent provides IT technical support, including system maintenance, security updates, hardware inventory management, and backup monitoring, to ensure optimal performance, security, and uptime across all company systems.
    Salary & Benefits: Town/City: Cruise Ship
    APM Crew Chief - Cruise Ship
    Posted Today Posted by Princess Cruises
    Our Automation Technicians or "Crew Chiefs" are natural, hands-on leaders who are able to motivate a team to excel in every facet of their role, able to build trust and have a highly organized and safety driven mindset.
    Salary & Benefits: Town/City: Cruise Ship
    Activity Staff - Cruise Ship
    Posted Today Posted by Princess Cruises
    The Activity Staff delivers engaging, personalized guest experiences by hosting events, promoting brands, and ensuring a safe, welcoming environment while maintaining equipment and supporting overall entertainment and service excellence goals.
    Salary & Benefits: Town/City: Cruise Ship
    Activity Manager - Cruise Ship
    Posted Today Posted by Princess Cruises
    The Activity Manager leads the entertainment team to deliver high-quality, safe guest experiences, overseeing program execution, operational efficiency, and regulatory compliance to ensure excellence across all onboard recreational areas.
    Salary & Benefits: Town/City: Cruise Ship
    Health Records Clerk (HTAC/HRT 1) - Black River Hospital - Black River
    The Health Records Clerk, under the supervision of the Health Records Administrator, is responsible for organizing, implementing, controlling, and maintaining the patient information system to provide optimum patient care.
    Salary & Benefits: $1,792,163 – $2,130,319 per annum Town/City: Black River