Data Protection Officer (GMG/SEG 3)

JOB PURPOSE:

The incumbent is responsible for monitoring compliance and data practices to ensure the Ministry and its functionaries comply with the applicable legislative requirements under the Data Protection Act (2020) in the processing of the personal and sensitive data of its staff, third parties providers or any other individuals (referred to as data subjects). 

STRATEGIC OBJECTIVES OF THE DATA PROTECTION FUNCTION

• To improve the Ministry’s compliance ratings in relation to existing guidelines, legislations and internal controls; 
• To monitor the implementation by the Ministry on agreed recommendations arising from audit activities; 
• To ensure the Ministry meets its obligations under the Data Protection Act, 2020;
• To contribute to the achievement of the strategic objectives of the Ministry in respect to Data Protection 

KEY OUTPUTS

• External regulations (Data Protection Act) and internal controls adhered to 
• Data Protection framework and strategy developed and implemented 
• Data protection impact assessments conducted 
• Breaches identified and notifications prepared 
• Reports prepared and submitted 
• Continuous monitoring conducted 
• Adherence/compliance with standards monitored 
• Governance and accountability mechanisms evaluated and recommendations made
• Research and analysis conducted and findings documented 
• Continuous improvement strategies developed and implemented 
• Advice and recommendations provided 
• Sensitization sessions conducted. 

PERFORMANCE STANDARDS

• Personal data processed in compliance with established data protection standards;
• Data protection framework developed and implemented in accordance with established standards and guidelines; 
• Monitoring and Evaluation framework developed and implemented in accordance with established guidelines; 
• Technical reports, reviews and analyses completed within agreed timeframe; 
• Quality, soundness and timeliness of advice, reviews and reports containing findings, assessment and recommendations; 
• Breaches and infractions are detected and communicated to the Permanent Secretary within the agreed timeframe; 
• Sensitization sessions conducted in accordance with established guidelines and framework;
• Confidentiality, integrity and sensitivity are displayed in the execution of duties at all times.

JOB DUTIES & RESPONSIBILITIES

TECHNICAL/ PROFESSIONAL RESPONSIBILITIES: 

• Implement measures and a privacy governance framework to manage data use in compliance with the DPA, including developing templates for data collection, and assisting with data mapping.
• Ensures that the Ministry of National Security (MNS) processes personal data in compliance with the data protection standards and the Data Protection Act and good practice; 
• Consults with the Office of the Information Commissioner (OIC) to resolve any doubt about how the provisions of the Data Protection Act and any Regulations made thereunder are to be applied;
• Ensures that any contravention of the data protection standards or any provisions of the Data Protection Act by the MNS is dealt with in accordance with the provisions of the Data Protection Act;
• Notifies in writing, the Data Controller of any contravention of the data protection standards or any provisions of the Data Protection Act; 
• Reports any contravention by MNS of the data protection standards or any provisions of the Data Protection Act to the OIC, if the contravention is not rectified within reasonable time after the notification; 
• Assists data subjects in the exercise of their rights under the Data Protection Act, in relation to the MNS; 
• Develops internal policies and procedures related to the processing of personal data;
• Makes recommendations for the appropriate organisational and technical measures to ensure the security of personal data; 
• Serves as the primary contact for the OIC on issues relating to the processing of data, and to consult, where appropriate, with regard to any other matter; 
• Develops and implements Standard Operating Procedures (SOPs) for addressing all complaints pertaining to the Ministry’s privacy policies and procedures; 
• Provides advice/information to the Ministry and its employees on their obligations under the Data Protection Act and state data protection provisions; 
• Manages and conducts ongoing reviews of the Ministry’s Data Protection Framework;
• Disseminates current information on policies, procedures and legislation for the Ministry’s staff to be aware as well as to promote the quality culture; 
• Develops and implements approved certification mechanisms to exhibit compliance;
• Monitors and evaluates recommendations implemented for addressing weakness and deficiencies in relation to the processing of personal data; 
• Prepares reports and presentations on analysis and findings; 
• Conducts a data protection Impact Assessment in respect of all personal data in the custody or control of the Ministry; 
• Sensitizes staff on the components of the Data Protection Act, Regulations and policies;
• Collaborates with the Ministry’s ICT Services Branch in the maintenance of a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications and responding to subject access requests;
• Collaborates with the relevant officers from the Internal Audit Unit, Legal Services Unit and other key stakeholders to monitor, implement and analyse compliance programmes; 
• Monitors to ensure that the Ministry’s ICT systems and procedures conform with the relevant data privacy and protection law, regulation and policy; 
• Participates in the collection of data, analysis and reports on key performance measures;
• Provides responses to comments and queries from data subjects in relation to the processing of personal data; 
• Monitors changes to local privacy laws and makes recommendations where necessary.

MANAGEMENT RESPONSIBILITIES 

• Supports the development of the Strategic Business, Operational and Individual Work Plans, and Annual Budget to reflect the Branch’s strategic priority areas; 
• Participates in the preparation of the Quarterly and Annual Performance Reports;
• Serves as the Deputy Chair of the Data Privacy/ Information Governance Committee (Working Group); 
• Maintains effective working relations with external and internal clients. 

AUTHORITY

• Recommend security procedures and maintenance for Data Protection 
• Report breaches to the OIC 
• Develop and review data protection policies 
• Maintain risk and breach register 
• Take remedial action for breaches 
• Conduct training and sensitization relating to data protection 
• Data Protection Security Audits
• Take disciplinary action in accordance with the policies and procedures. 
• Recommends appropriate standards 
• Recommends improvements in corporate governance framework 
• Recommends changes to regulatory framework 
• Access to highly personal confidential and sensitive data/information 

MINIMUM REQUIRED QUALIFICATION AND EXPERIENCE

• Bachelors’ Degree in Computer Science, Law, Business Administration or equivalent qualification from a recognized tertiary institution 
• Certification in Data Protection and/or Privacy Certification such as CIPP, CIPT, ISEB.
• Exposure to legal training and ISO/IEC 27001, Information Security 
• Sound knowledge of the Data Protection Act and other applicable data protection policies.
• One (1) year related work experience 

SPECIFIC KNOWLEDGE SKILLS AND ABILITIES

• Sound knowledge of the data protection law and practices 
• Good knowledge of auditing techniques and practices 
• Good knowledge of risk management techniques and strategies 
• Good knowledge and understanding of GOJ policies and programmes and the machinery of government 
• Sound knowledge of applicable laws, policies, regulation and procedures 
• Good critical reasoning, quantitative and qualitative analysis skills 
• Knowledge of change management principles and practices 
• Strong environmental scanning, analysis and interpretive skills 
• Strong negotiating and persuasive presentation skills 
• Proficiency in the use of the relevant computer applications 

COMPETENCIES

• Leadership – Possess good leadership skills in achieving stated objectives 
• Planning and Organizing – Excellent planning and organization skills 
• Problem Solving & Analysis - Logical problem solving and analytical skills. 
• Communication - Possess excellent written and oral communication skills. 
• Initiative & Judgment - Ability to exercise initiative and sound judgment. 
• Integrity/Ethics - Possess and exercise high integrity and ethical standards.
• Interpersonal Skills/ Stakeholder Engagement skills – Coordinates with a diverse set of stakeholders while maintaining a level of independence 
• Innovation and creativity – Ability to come up with new ideas/new way of thinking
• Priority Management – ability to manage multiple projects at once 
• Teamwork - Be a team player. 

SPECIAL CONDITIONS ASSOCIATED WITH THE JOB

• Typical working condition; 
• Meeting critical deadlines for completion of tasks; 
• May be required to work beyond the normal working hours; 
• May be required to work on weekends and public holidays; 
• May be required to travel island-wide and overseas; 

Thank you for expressing an interest in joining the Ministry of National Security’s (MNS) team. Please note that while we appreciate all applications, only shortlisted candidates will be contacted. 

The Ministry wishes to assure applicants that your personal data will only be used for the purposes of recruitment and selection exercise related to career opportunities within the Ministry